[secdir] Review of draft-ietf-sidr-rpki-rtr-20
"Hilarie Orman" <hilarie@purplestreak.com> Tue, 13 December 2011 07:29 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 167E621F86A4 for <secdir@ietfa.amsl.com>; Mon, 12 Dec 2011 23:29:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xo-B6b2w2+lK for <secdir@ietfa.amsl.com>; Mon, 12 Dec 2011 23:29:54 -0800 (PST)
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by ietfa.amsl.com (Postfix) with ESMTP id 8F0AB21F86A0 for <secdir@ietf.org>; Mon, 12 Dec 2011 23:29:54 -0800 (PST)
Received: from mx03.mta.xmission.com ([166.70.13.213]) by out02.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1RaMoE-0006Vt-4S for secdir@ietf.org; Tue, 13 Dec 2011 00:29:54 -0700
Received: from 166-70-57-249.ip.xmission.com ([166.70.57.249] helo=sylvester.rhmr.com) by mx03.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1RaMoD-0005hI-DD for secdir@ietf.org; Tue, 13 Dec 2011 00:29:54 -0700
Received: from sylvester.rhmr.com (localhost [127.0.0.1]) by sylvester.rhmr.com (8.14.4/8.14.3/Debian-9.1ubuntu1) with ESMTP id pBD7TZOf001426 for <secdir@ietf.org>; Tue, 13 Dec 2011 00:29:35 -0700
Received: (from hilarie@localhost) by sylvester.rhmr.com (8.14.4/8.14.4/Submit) id pBD7TWcU001389; Tue, 13 Dec 2011 00:29:32 -0700
Date: Tue, 13 Dec 2011 00:29:32 -0700
Message-Id: <201112130729.pBD7TWcU001389@sylvester.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
To: secdir@ietf.org
X-XM-SPF: eid=; ; ; mid=; ; ; hst=mx03.mta.xmission.com; ; ; ip=166.70.57.249; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-DomainKey: sender_domain=purplestreak.com; ; ; sender=hilarie@purplestreak.com; ; ; status=error
X-SA-Exim-Connect-IP: 166.70.57.249
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa02 1397; Body=2 Fuz1=2 Fuz2=2
X-Spam-Combo: ;secdir@ietf.org
X-Spam-Relay-Country:
X-SA-Exim-Version: 4.2.1 (built Fri, 06 Aug 2010 16:31:04 -0600)
X-SA-Exim-Scanned: Yes (on mx03.mta.xmission.com)
Subject: [secdir] Review of draft-ietf-sidr-rpki-rtr-20
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2011 07:29:55 -0000
security review of
The RPKI/Router Protocol, draft-ietf-sidr-rpki-rtr-20
Do not be alarmed. I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily for
the benefit of the security area directors. Document editors and WG
chairs should treat these comments just like any other last call
comments.
The protocol defines the communication between a router and an
Autonomous System (AS) cache validated by public keys. This is part
of a work in progress to secure routing infrastructure. The caches
implement a "resource public key infrastructure (RPKI)".
I'll accept on faith that the records in the cache are secured by
public keys in a reasonable fashion. The problem addressed by the
protocol is: how do routers securely obtain the records, under the
hypothesis that they will not actually carry out validation? The
answer is a simple protocol that concentrates assuring record
freshness and punts security to some preconfigured point-to-point
communication with some kind of transport security. This document
cheerily anticipates the debut of I-cant-Believe-Its-Not-TCPMD5
(TCP-AO).
The draft makes reference to "monkey in the middle attacks". I can't
decide if this is more insulting to men or monkeys, but in any case, it
needs some kind of reference to distinguish it from the more normal
MITM term.
The Security Considerations state:
The identity of the cache server MUST be verified and
authenticated by the router client, and vice versa, before any
data are exchanged.
yet there is no explanation of what this means, in general, because
the protocol has no authentication component. Some of the transports
can do this, but not all. More explanation is needed.
The cache identifies its boot instance via a nonce, and the client
routers are supposed to record the nonce and discard all records if
the nonce changes. The nonce is only 16 bits, though, and the
probability of two boot instances choosing the same nonce is too high,
in my opinion.
"Commensurate" is an odd term. It simply means "don't use the serial
number if the nonce doesn't match."
Hilarie
- [secdir] Review of draft-ietf-sidr-rpki-rtr-20 Hilarie Orman