[secdir] Review of draft-ietf-sidr-rpki-rtr-20
"Hilarie Orman" <hilarie@purplestreak.com> Tue, 13 December 2011 07:29 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 167E621F86A4 for <secdir@ietfa.amsl.com>; Mon, 12 Dec 2011 23:29:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xo-B6b2w2+lK for <secdir@ietfa.amsl.com>; Mon, 12 Dec 2011 23:29:54 -0800 (PST)
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by ietfa.amsl.com (Postfix) with ESMTP id 8F0AB21F86A0 for <secdir@ietf.org>; Mon, 12 Dec 2011 23:29:54 -0800 (PST)
Received: from mx03.mta.xmission.com ([166.70.13.213]) by out02.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1RaMoE-0006Vt-4S for secdir@ietf.org; Tue, 13 Dec 2011 00:29:54 -0700
Received: from 166-70-57-249.ip.xmission.com ([166.70.57.249] helo=sylvester.rhmr.com) by mx03.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1RaMoD-0005hI-DD for secdir@ietf.org; Tue, 13 Dec 2011 00:29:54 -0700
Received: from sylvester.rhmr.com (localhost [127.0.0.1]) by sylvester.rhmr.com (8.14.4/8.14.3/Debian-9.1ubuntu1) with ESMTP id pBD7TZOf001426 for <secdir@ietf.org>; Tue, 13 Dec 2011 00:29:35 -0700
Received: (from hilarie@localhost) by sylvester.rhmr.com (8.14.4/8.14.4/Submit) id pBD7TWcU001389; Tue, 13 Dec 2011 00:29:32 -0700
Date: Tue, 13 Dec 2011 00:29:32 -0700
Message-Id: <201112130729.pBD7TWcU001389@sylvester.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
To: secdir@ietf.org
X-XM-SPF: eid=; ; ; mid=; ; ; hst=mx03.mta.xmission.com; ; ; ip=166.70.57.249; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-DomainKey: sender_domain=purplestreak.com; ; ; sender=hilarie@purplestreak.com; ; ; status=error
X-SA-Exim-Connect-IP: 166.70.57.249
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa02 1397; Body=2 Fuz1=2 Fuz2=2
X-Spam-Combo: ;secdir@ietf.org
X-Spam-Relay-Country:
X-SA-Exim-Version: 4.2.1 (built Fri, 06 Aug 2010 16:31:04 -0600)
X-SA-Exim-Scanned: Yes (on mx03.mta.xmission.com)
Subject: [secdir] Review of draft-ietf-sidr-rpki-rtr-20
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2011 07:29:55 -0000
security review of The RPKI/Router Protocol, draft-ietf-sidr-rpki-rtr-20 Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The protocol defines the communication between a router and an Autonomous System (AS) cache validated by public keys. This is part of a work in progress to secure routing infrastructure. The caches implement a "resource public key infrastructure (RPKI)". I'll accept on faith that the records in the cache are secured by public keys in a reasonable fashion. The problem addressed by the protocol is: how do routers securely obtain the records, under the hypothesis that they will not actually carry out validation? The answer is a simple protocol that concentrates assuring record freshness and punts security to some preconfigured point-to-point communication with some kind of transport security. This document cheerily anticipates the debut of I-cant-Believe-Its-Not-TCPMD5 (TCP-AO). The draft makes reference to "monkey in the middle attacks". I can't decide if this is more insulting to men or monkeys, but in any case, it needs some kind of reference to distinguish it from the more normal MITM term. The Security Considerations state: The identity of the cache server MUST be verified and authenticated by the router client, and vice versa, before any data are exchanged. yet there is no explanation of what this means, in general, because the protocol has no authentication component. Some of the transports can do this, but not all. More explanation is needed. The cache identifies its boot instance via a nonce, and the client routers are supposed to record the nonce and discard all records if the nonce changes. The nonce is only 16 bits, though, and the probability of two boot instances choosing the same nonce is too high, in my opinion. "Commensurate" is an odd term. It simply means "don't use the serial number if the nonce doesn't match." Hilarie
- [secdir] Review of draft-ietf-sidr-rpki-rtr-20 Hilarie Orman