Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening
Stephen Kent <kent@bbn.com> Thu, 29 March 2012 09:16 UTC
Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDD6221F8A1F for <sidr@ietfa.amsl.com>; Thu, 29 Mar 2012 02:16:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.407
X-Spam-Level:
X-Spam-Status: No, score=-106.407 tagged_above=-999 required=5 tests=[AWL=0.191, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8QoJACrO6lbO for <sidr@ietfa.amsl.com>; Thu, 29 Mar 2012 02:16:20 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 829DE21F8A17 for <sidr@ietf.org>; Thu, 29 Mar 2012 02:16:19 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:51600 helo=[10.108.69.44]) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1SDBSd-000EdZ-5y; Thu, 29 Mar 2012 05:16:03 -0400
Mime-Version: 1.0
Message-Id: <p06240803cb99d283e548@[10.108.69.44]>
In-Reply-To: <64B29EFD-5C6E-4D0C-8E4F-92A2B5A86279@castlepoint.net>
References: <64B29EFD-5C6E-4D0C-8E4F-92A2B5A86279@castlepoint.net>
Date: Thu, 29 Mar 2012 05:07:38 -0400
To: Shane Amante <shane@castlepoint.net>
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-879109920==_ma============"
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 09:16:21 -0000
Shane, >To expand on my comments at the mic earlier today on this draft, I >think there is universal acknowledgment that there should be >statements that attacks involving path shortening should be >acknowledged as a "threat" in this document. Section 4.2, near the top of page 12, addresses this attack, in the BGPSEC context: Secure Path Downgrade: A router might remove signatures from a BGPSEC update that it receives, when forwarding this update to a BGPSEC-enabled neighbor. This behavior violates the BGPSEC spec and thus is considered an attack. This is the path shortening attack, expressed in terms of an attack against a BGPSEC-protected path. >OTOH, with respect to path-lengthening, my comment was NOT aimed at >the normal, operation practice of AS_PATH prepending for the >purposes of Traffic Engineering. Section 4.2, bottom of page 11, says: AS Insertion: A router might insert one or more ASNs, other than its own ASN, into an update message. This violates the BGP spec and thus is considered an attack. This seems to address the K/P attack, in the BGPSEC context. >The larger point here is that documenting, preferably in this I-D, >the Kapela/Pilsov threat and other threats related to >upgrade/downgrade threats discussed at the Prague IETF allows us to >more holistically consider whether, or not, BGPSEC addresses it. So, ignoring the "threat" vs. "attack" terminology issue that we discussed at the mic :-), I could add some text to describe classes of attacks in terms of vanilla BGP, as well as BGPSEC. But, RFC 4272 already did this in a fair level of detail, so I didn't see the need for this doc to include an attack enumeration for BGP. When discussing security, it is generally preferable to define what constitutes secure or "correct" operation for a protocol, rather than trying to enumerate attacks against the protocol. If one wants to be more specific, then one can describe classes of attacks, and provide some illustrative examples. That's what we have tried to do here. Not sure I understand you last comment: >d) Further, what if an attacker did this to valid, BGPSEC-signed >paths that he/she was originating and/or receiving and propagating >downstream toward other ASN's? Steve
- [sidr] draft-ietf-sidr-bgpsec-threats-02: Path sh… Shane Amante
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Stephen Kent
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Shane Amante
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Jakob Heitz
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Andrew Chi
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Shane Amante
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Andrew Chi
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Shane Amante
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Murphy, Sandra
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Andrew Chi
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Andrew Chi
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Sriram, Kotikalapudi
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Robert Raszuk
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Jakob Heitz
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Sriram, Kotikalapudi
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Robert Raszuk
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Murphy, Sandra
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Robert Raszuk
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Montgomery, Douglas
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Robert Raszuk
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Murphy, Sandra
- [sidr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] draft-ietf-sidr-bgpsec-threats-0… Stephen Kent
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Stephen Kent
- Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Pat… Stephen Kent
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] No BGPSEC intradomain ? Warren Kumari
- Re: [sidr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] No BGPSEC intradomain ? Warren Kumari
- Re: [sidr] [Idr] No BGPSEC intradomain ? Montgomery, Douglas
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] No BGPSEC intradomain ? Jakob Heitz
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? Jakob Heitz
- Re: [sidr] [Idr] No BGPSEC intradomain ? Randy Bush
- Re: [sidr] [Idr] No BGPSEC intradomain ? Randy Bush
- Re: [sidr] [Idr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] No BGPSEC intradomain ? Paul Jakma
- [sidr] iBGP, BGPSEC and incremental deployment (w… Jeffrey Haas
- Re: [sidr] [Idr] No BGPSEC intradomain ? Christopher Morrow
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Jakob Heitz
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? Brian Dickson
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Jeffrey Haas
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Jeffrey Haas
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Christopher Morrow
- Re: [sidr] [Idr] No BGPSEC intradomain ? George, Wes
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… George, Wes
- Re: [sidr] [Idr] No BGPSEC intradomain ? George, Wes
- Re: [sidr] [Idr] No BGPSEC intradomain ? Robert Raszuk
- Re: [sidr] [Idr] No BGPSEC intradomain ? Jeffrey Haas
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Jeffrey Haas
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Christopher Morrow
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Jeffrey Haas
- Re: [sidr] [Idr] No BGPSEC intradomain ? George, Wes
- Re: [sidr] [Idr] No BGPSEC intradomain ? Jeffrey Haas
- Re: [sidr] [Idr] No BGPSEC intradomain ? Paul Jakma
- Re: [sidr] iBGP, BGPSEC and incremental deploymen… Jakob Heitz
- Re: [sidr] [Idr] iBGP, BGPSEC and incremental dep… Brian Dickson