IETF Logo Mail Archive

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Christopher Morrow <morrowc.lists@gmail.com> Sun, 05 June 2011 00:56 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C014B11E8072 for <sidr@ietfa.amsl.com>; Sat, 4 Jun 2011 17:56:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101
X-Spam-Level:
X-Spam-Status: No, score=-101 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wgPyQ8b-97Hp for <sidr@ietfa.amsl.com>; Sat, 4 Jun 2011 17:56:38 -0700 (PDT)
Received: from mail-px0-f170.google.com (mail-px0-f170.google.com [209.85.212.170]) by ietfa.amsl.com (Postfix) with ESMTP id 335BC11E8071 for <sidr@ietf.org>; Sat, 4 Jun 2011 17:56:38 -0700 (PDT)
Received: by pxi19 with SMTP id 19so1879930pxi.15 for <sidr@ietf.org>; Sat, 04 Jun 2011 17:56:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Xr8F0TtWRYbf8uxKkd4r3bHy4x25UgZeBz7XKm016oE=; b=ewiP79vtf522sPWxuKntEs5runwxVLouKjU4FKMHkpUpsY7xj8ToDt6hctcaPPs8E7 WqZ1Cfs3T5cFRDPlYDvLdLx5RPf/0NUAm+jcPdSKzI9TkNIfn+88VV4nOc2Sey0Me8Gl P0BiBbQdWjN+ZQWQTYPPisv/WybSTqjlyVk6s=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=VAOCiXFz7qbfmcm03yBmyQaJ+jI3DdwyhJbtju5+qJbiDVfmAmbt1Oi4g4MI4W/b4O K3U/cas7E3qTn29FOnsPSWXuKcNCweL/Jz2E/u6ZIgsIdvTYu47E6F2j5Qaez1BIHrYh KCAlu18RYRVFgllvPmsHWfYkBjIrNZlP0I/kQ=
MIME-Version: 1.0
Received: by 10.68.35.102 with SMTP id g6mr1312102pbj.16.1307235397541; Sat, 04 Jun 2011 17:56:37 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.68.44.106 with HTTP; Sat, 4 Jun 2011 17:56:37 -0700 (PDT)
In-Reply-To: <1F1804CA-BC0D-4231-B83B-1F3DAE29CDC1@isi.edu>
References: <4DAF44AC.8060408@isi.edu> <E3076C4C-F27C-40A8-A033-2EBB8C39A3D2@cisco.com> <4DAF796C.7010807@isi.edu> <BANLkTi=Oc-fEKOYCRQqM97wPxSSXjrdTRw@mail.gmail.com> <409BDC5C-FE86-444A-BC0D-6DA00E7BF0F3@isi.edu> <BANLkTikLi2p7UipJ!TRSQqVOL6GkLn=j9iA@mail.gmail.com> <F0FABE61-FC1D-45ED-A21D-ED7A1228A997@isi.edu> <01eb01cc0325$6e4fd260$4001a8c0@gateway.2wire.net> <4DB592B3.3090805@isi.edu> <033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net> <4DB9A456.3060709@isi.edu> <BANLkTikg18FV5H0bOdOfWMzpTcm_B__EVQ@mail.gmail.com> <017b01cc13ff$0cb6da40$4001a8c0@gateway.2wire.net> <BANLkTink82qvhge6rRhqt5+h-2mEkKBMhA@mail.gmail.com> <m21uzwr3tw.wl%randy@psg.com> <BANLkTimPnMfE1ii=6uwAckoFY0yUU=w43g@mail.gmail.com> <BANLkTinu8pxxCj4cdJzbS3z5h=8=s+U3Gw@mail.gmail.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E006@EUSAACMS0701.eamcs.ericsson.se> <Pine.WNT.4.64.1106031624560.2148@SMURPHY-LT.columbia.ads.sparta.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E04A@EUSAACMS0701.eamcs.ericsson.se> <D1D8138DDF34B34B8BC68A11262D10790F6233E0E3@EUSAACMS0701.eamcs.ericsson.se> <BANLkTikqeHdq15P7yC1A6owtrKGBWQsKkQ@mail.gmail.com> <1F1804CA-BC0D-4231-B83B-1F3DAE29CDC1@isi.edu>
Date: Sat, 04 Jun 2011 20:56:37 -0400
X-Google-Sender-Auth: ud1N1__maRnHK6iXBYTb10LcD2A
Message-ID: <BANLkTikN2tBkqV8ETawx29WqmnOsPn7m9Q@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, Sandra Murphy <Sandra.Murphy@sparta.com>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jun 2011 00:56:42 -0000

On Sat, Jun 4, 2011 at 10:02 AM, Joe Touch <touch@isi.edu> wrote:
> So basically the problem is that:
>
> - routers don't all support IPsec for the control plane
>
> - servers don't yet implement AO

routers don't yet support AO either :( at least not in juniper 10.x
code nor cisco 12.2(S) or 15 code...
(or not that I've seen and been able to configure, though at least 1
of the 2 there say 'coming RSN!')

> I repeat that there's a known solution that is already being used for BGP:
>
> Use AO if available
>
> Use MD5 in the meantime
>

ok, I think that's kind of where the implementors got in offline
discussions. I think people (me at least) are hoping the security AD
folks find this sort of wording/direction palatable though.

> Yes, servers will support AO, if for no other reason than they support BGP and MD5 now.

agreed, some heat is required to make this happen (heat == 'gosh I'd
love my Oracle/fbsd/linux server(s) to be able to run quagga to my new
and old IOS boxes...')

-chris

> Joe
>
> On Jun 3, 2011, at 7:26 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
>
>> On Fri, Jun 3, 2011 at 10:15 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>>>
>>>
>>> -----Original Message-----
>>> From: christopher.morrow@gmail.com [mailto:christopher.morrow@gmail.com] On Behalf Of Christopher Morrow
>>> Sent: Friday, June 03, 2011 6:11 PM
>>> To: Uma Chunduri
>>> Cc: Sandra Murphy; stephen.farrell@cs.tcd.ie; sidr@ietf.org
>>> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>>>
>>> On Fri, Jun 3, 2011 at 5:28 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Sandra Murphy [mailto:Sandra.Murphy@sparta.com]
>>>> Sent: Friday, June 03, 2011 1:43 PM
>>>> To: Uma Chunduri
>>>> Cc: sidr@ietf.org; Sean Turner; stephen.farrell@cs.tcd.ie
>>>> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>>>>
>>>>
>>>> On Fri, 3 Jun 2011, Uma Chunduri wrote:
>>>>
>>>>>
>>>>>
>>>> ....
>>>>
>>>>>
>>>>> True, privacy through SSH is overkill but strong AUTH is *critical*, I feel:
>>>>>   - TCP-MD5 should not be considered (as it is any ways deprecated
>>>>> and it's MD5)
>>>>>   - TCP-AO has only slight advantage as it has less overhead than
>>>>> ipsec-AH even when
>>>>>     deployed with manual keys
>>>>>   - but it's better if it is "MUST support authentication of nodes
>>>>> with TCP-AO or ipsec-AH" because
>>>>
>>>> Just to be sure:
>>>>
>>>> Did you understand the part about implementations of TCP-AO and ipsec-AH not being available at present?
>>>>
>>>> I.e., you recognize this forces a delay in implementation of the protocol (and accept the consequent impact on deployment of the RPKI)?
>>>>
>>>> [Uma] Yes, I did. Even though operators don't like  ipsec-AH today, it
>>>> is still deployed for OSPFv3 protection as that (of course now there are other drafts to mitigate complexity with reasonable trade-off).
>>>>
>>>
>>> So, speaking as just another guy on the bus here... it's not about 'dont like it' it's about "THE CODE ON THE ROUTER DOES NOT DO IPSEC"
>>>
>>> Keep in mind that a router is not a generic CPU + intel ethernet PCI card, and often the OS on it is optomized for a particular duty, in large iron routers it's NOT ipsec.
>>>
>>>> Problem with MD5 is, it can present the *weakest* link for the whole RPKI infa.
>>>> At least new infrastructure like RPKI should avoid deprecated  stuff.
>>>
>>> exactly how is MD5 the weakest link here? some particular words about the threat model + ability to subvert a running session which ships a few megabytes/minute around would be in order here.
>>>
>>> [Uma]
>>>
>>> 1. Wang, X., H. Yu, "How to break MD5 and other hash
>>>             functions", Proc. IACR Eurocrypt 2005, Denmark
>>
>> depends on creating 2 items to hash I believe?  shows that if you do
>> the right thing for 2 very large items you create you can get a
>> collision in some instances. not picking random bits off the wire, not
>> relevant, move on.
>>
>>> 2. RFC 4270
>>
>> talks about the above, not relevant.
>>
>>>
>>> 3. long back even OSPF, ISIS etc.. moved away from MD5
>>
>> fear, uncertainty, doubt.
>>
>> we aren't talking about a permanent use of md5, we're talking about:
>> Use something that provides authentication/assurance NOW so we can
>> move forward, knowing full well we'll change to the better/required
>> solution when it's available in the right places.
>>
>> There's not a single AO implementation available today... it's DOA
>> until there is. (frankly it's kind of a failure that there aren't
>> widely deployed implementations of this... given all the time to
>> invent it and all)
>>
>>> 4. ...
>>>
>>> For that matter SHA1 is getting deprecated http://securitymusings.com/article/1587/algorithm-and-key-length-deprecation
>>>
>>
>> again, not relevant.
>>
>> please find something relevant that's not just fear mongering. Or,
>> alternately, find implementations of AO in the servers and routers
>> that matter. (if there are AO implementations w00t! we all win, until
>> then we spin)
>>
>> -chris
>> <regular guy socks==on>
>>
>>>
>>> Getting public keys from a server with a  deprecated auth mechanism to verify RSA signature?
>>> it's obscure..and not sure why it's not considered weak.
>>> Well, one can still use and design systems around this if this is still seen adequate.
>>>
>>> -Uma
>>>
>>>
>>>
>>>
>>> -chris
>>> <just a guy>
>>>
>>>> -Uma
>>>>
>>>>
>>>> --Sandy, speaking as wg co-chair
>>>>
>>>>
>>>>>     as both support
>>>>>           - strong auth algos
>>>>>           - algo agility
>>>>>           - can be deployed with manual and auto key management
>>>>>            (auto key probably required eventually, once with lot of
>>>>> connections at
>>>>>             cache/global RPKI/server side and for automatic key
>>>>>             changes periodically)
>>>>>           - key changes for existing sessions
>>>>>
>>>>>    One would get flexibility with this.
>>>>>    Also Section 7 (page 16)
>>>>>    "It is assumed that the router and cache have exchanged keys out of band by some reasonably secured means"
>>>>>    This will be still applicable but only if TCP-AO/ipsce-AH are deployed with manual keys.
>>>>>
>>>>> 2 cents,
>>>>> -Uma
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> sidr mailing list
>>>>> sidr@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/sidr
>>>>>
>>>> _______________________________________________
>>>> sidr mailing list
>>>> sidr@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sidr
>>>>
>>>
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
>

v2.23.0 | Report a Bug | By Email