Re: [secdir] Review of draft-ietf-opsec-routing-protocols-crypto-issues-04

[Sandra Murphy <Sandra.Murphy@sparta.com>]

On Thu, 27 May 2010, Vishwas Manral wrote:

> Hi Sam/ Sandra,
>
> I agree with what you guys have said, we can work to refine the wording to
> make it clear that there are no known attacks.
>
> There may not be known attacks based on collision, but that does not
> preclude future issues that may result. One thing I can see is if we can
> change the topology field and still have the right/ same hash, it could lead
> to basic issues like traffic redirection, black holes and routing loops. I
> agree the fact that the packet needs to be a valid format packet makes the
> attack considerably harder.

I really did mean what I said - if you can think of cases where routing 
protocols could be damaged by a collision attack, speak up.

Most of the things I could think of were attacks that resulted from a 
legitimate participant behaving badly, and we all know just how much 
risk routing protocols face from legitimate participants behaving badly 
anyway - collisions would be no more risk.

--Sandy


>
> Thanks,
> Vishwas
>
> -----Original Message-----
> From: Sandra Murphy [mailto:Sandra.Murphy@sparta.com]
> Sent: Thursday, May 27, 2010 11:56 AM
> To: Sam Hartman
> Cc: Nicolas Williams; shares@nexthop.com; jjaeggli@checkpoint.com;
> manav.bhatia@alcatel-lucent.com; vishwas@ipinfusion.com; secdir@ietf.org
> Subject: Re: [secdir] Review of
> draft-ietf-opsec-routing-protocols-crypto-issues-04
>
> I was discussing this just this morning with a colleague.
>
> The discussion of pre-image and collision points out that using collisions
> as an attack on a routing protocol is not that easy since routing
> protocols have format requirements - the attacker would have to find a
> collision that is also a validly formatted protocol packet.
>
> Even beyond that, if the authors can point to some damage an attacker
> could do in a routing protocol using a collision, that would be very
> interesting.
>
>
> --Sandy
>
> On Thu, 27 May 2010, Sam Hartman wrote:
>
>>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@oracle.com> writes:
>>
>>    Nicolas> I have reviewed this document as part of the security
>>    Nicolas> directorate's ongoing effort to review all IETF documents
>>    Nicolas> being processed by the IESG. Document editors and WG chairs
>>    Nicolas> should treat these comments just like any other last call
>>    Nicolas> comments.
>>
>>    Nicolas> This document aims to be an Informational RFC describing
>>    Nicolas> security problems with various routing protocols.
>>
>>    Nicolas> Aside from various spelling and other nits that the
>>    Nicolas> RFC-Editor can easily handle, I have no issues with this
>>    Nicolas> document and it is ready for publication.
>>
>> This document talks a lot about collision attacks against MD5 and then
>> draws the conclusion that MD5 should not be used as part of a MAC.  I
>> agree that it is prudent to provide alternatives to MD5.  However, I
>> think the current text implies that collision attacks against MD5 are
>> applicable to attacks against the use of MD5 in routing protocols.
>>
>> There is an introductory section that describes the difference between
>> pre image and collision attacks, but the rest of the document seems to
>> ignore the advice of that section.
>> _______________________________________________
>> secdir mailing list
>> secdir@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdir
>>
>
>