[secdir] Secdir review of draft-ietf-idr-error-handling

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 02 March 2015 20:18 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Y_X943DLc3FOrUiwBwBq-4bbm2w>

Greetings again. This document updates the error handling of a bunch of BGP protocol documents to deal with the fact that they (inadvertently) allow a remote attacker to cause BGP sessions to be reset when they probably shouldn't be. The problem being solved is that the current BGP spec says that if an UPDATE message with a malformed attribute is received, the entire session in which that message was received is reset, even parts that are valid. However, UPDATE messages might be propagated through intermediate routers that don't check the attribute validity, so that an attacker can possibly make a hard-to-trace and expanding attack.

The draft says, in essence, "limit the damage of the malformed attribute to only the parts of the session that are directly related to it". It also updates the similar error handling for a bunch of other BGP attributes. Overall, the draft is clear, and the Security Considerations section is concise and easy to understand.

--Paul Hoffman