Re: [sidr] Stephen Farrell's Discuss on draft-ietf-sidr-bgpsec-protocol-21: (with DISCUSS and COMMENT)
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 09 January 2017 05:22 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AE40129AB1; Sun, 8 Jan 2017 21:22:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C7aEu2vx31uO; Sun, 8 Jan 2017 21:22:23 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0118.outbound.protection.outlook.com [23.103.201.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24F3B129AAE; Sun, 8 Jan 2017 21:22:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=04YAm9D1jO+bSlwc9GAWwTXKhAScoHXFCRREGo1Gs0A=; b=v0qRpwxAd2Z2f+LmNDVSFORzmxRclQnwHVY28VOoA9EchXFc2ueulCROzFtjiwr2EeSY+V9rI4kIz5GIamIAtbVOzhcwC+u3V5lsyiYQHZllPmigX/aPkLkqRY3c0btSusRWDrJ3zK6xfzjRaUra0p4HZ/haQG0MCAttlCUEGrI=
Received: from DM2PR09MB0446.namprd09.prod.outlook.com (10.161.252.145) by DM2PR09MB0447.namprd09.prod.outlook.com (10.161.252.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.817.10; Mon, 9 Jan 2017 05:22:20 +0000
Received: from DM2PR09MB0446.namprd09.prod.outlook.com ([10.161.252.145]) by DM2PR09MB0446.namprd09.prod.outlook.com ([10.161.252.145]) with mapi id 15.01.0817.015; Mon, 9 Jan 2017 05:22:20 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-sidr-bgpsec-protocol-21: (with DISCUSS and COMMENT)
Thread-Index: AQHSZpHl3JK9Ep+Hw0SM2CHq7jfcT6Ep5PcggAANcYCABay7Cw==
Date: Mon, 09 Jan 2017 05:22:20 +0000
Message-ID: <DM2PR09MB0446142ADB35126BCEBFB1E184640@DM2PR09MB0446.namprd09.prod.outlook.com>
References: <148353798879.13011.5291414579598073386.idtracker@ietfa.amsl.com> <DM2PR09MB0446A3E1696278FBD040707F84600@DM2PR09MB0446.namprd09.prod.outlook.com>, <304ad58d-fa44-45e3-6fb1-4e7b189007cd@cs.tcd.ie>
In-Reply-To: <304ad58d-fa44-45e3-6fb1-4e7b189007cd@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [132.163.222.9]
x-ms-office365-filtering-correlation-id: b24e88d1-3506-420b-27c8-08d4384f7c47
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:DM2PR09MB0447;
x-microsoft-exchange-diagnostics: 1; DM2PR09MB0447; 7:KKIdX9ULdcCw0s9zRRwzgXzFCyTLQGgJjqxKFcsUL53R4juArMqGAPF0MEYXTa6UTtmDqjYw1eKV4FsmsCqCXTcFdGSDW8vHiufxhzUeFa5Fnj6AEbJX1eNE9ejVCzI3QwGUj/Ogq8ZdOsfhdazsNnQwmyIjd/Jj5+B1TEy8BVh/g5PhEMn+4+jBlXs9fl379Axh/CHA4KlU1oFx47xh1X2ikJrHGJl0GiPOUwrrhwD+tC/3V/IjxJhjn1CqNN/021Xjd9IaA9eQs7++rvTjiaUgSM3OxM41YCZE5cB2riyaLJaYgBLG/zYUZq4e+TFS74IpUc69VmcgmNRsRzZ0BjcGj9MZU30XQ2M2oEGEuN4HNwOjECkudolcUoMkW6zpwn+gKFe/gx/9vefOS7PkVw65TKgdsHOa/nGiFmvnwUZMZwW1/mM0CcYcYpJZlkRZUhvh52dF7o3U0/H6miEEiw==
x-microsoft-antispam-prvs: <DM2PR09MB044704B1E7A421F1B0BBEC4D84640@DM2PR09MB0447.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123555025)(20161123564025)(20161123560025)(6072148); SRVR:DM2PR09MB0447; BCL:0; PCL:0; RULEID:; SRVR:DM2PR09MB0447;
x-forefront-prvs: 0182DBBB05
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(39840400002)(39850400002)(39450400003)(39410400002)(199003)(189002)(3846002)(102836003)(54906002)(9686003)(3280700002)(68736007)(230783001)(74316002)(3660700001)(7736002)(2900100001)(6116002)(5660300001)(33656002)(8936002)(122556002)(8676002)(2950100002)(86362001)(189998001)(101416001)(6436002)(55016002)(92566002)(99286003)(77096006)(4326007)(7696004)(305945005)(6506006)(5001770100001)(105586002)(229853002)(97736004)(2906002)(81156014)(106116001)(81166006)(25786008)(106356001)(66066001)(50986999)(38730400001)(54356999)(76176999); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR09MB0447; H:DM2PR09MB0446.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jan 2017 05:22:20.1730 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR09MB0447
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/2bTvQmuQUYTzTGnmceYNKBYWBSE>
Cc: "draft-ietf-sidr-bgpsec-protocol@ietf.org" <draft-ietf-sidr-bgpsec-protocol@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "m.waehlisch@fu-berlin.de" <m.waehlisch@fu-berlin.de>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Stephen Farrell's Discuss on draft-ietf-sidr-bgpsec-protocol-21: (with DISCUSS and COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 05:22:25 -0000
Stephen,
Please see responses inline below.
>>[Sriram] Signer's ASN is indeed included in the signed data.
>> In Figure 8, "Secure_Path Segment : N" corresponds
>> to the signing AS (current AS) and that is where the
>> signer's ASN is included along with its pCount and Flags.
>Hmm. That's the target ASN of the previous signer though.
Semantically the "Secure_Path Segment: N" shown in the
data to be hashed in Figure 8, contains the current
signer's ASN, although logically it is equal to
the target ASN of the previous signer.
>I thought there were cases where they could differ? But
>if not, then you probably need to state that as a rule
>for checking signatures, is that there already? (Happy to
>check later, but don't have time right now.)
They had differed in one situation but that was
before we put in a fix for the confederation boundary,
and that fix is in the second paragraph of Section 4.3
of version-21. So now we are good. Yes, now
a signer's ASN always equals the target ASN
used in the hashed data by the previous signer.
So in the signature validation, the verifier always
plugs in its own ASN as the target ASN for validation
of the most recently added signature. Without that the
validation of that signature will fail.
That rule is built in into the validation process (page 26):
"For the first segment to be processed (the most
recently added segment (i.e. N = K) given that there are K hops
in the Secure_Path), the 'Target AS Number' is AS(K+1), the AS
number of the BGPsec speaker validating the update message."
>>> - 5.2, I think you need to say something to the effect
>>> that every Secure_Path MUST have a signature with an
>>> algorithm that is supported. As I read the text, the
>>> algorithm as stated here could be read to not require
>>> that. E.g. the para before the bullets on p25 could be
>>> read to mean "drop all stuff involving unsupported algs
>>> and then continue to process the rest of the stuff."
>>>
>> [Sriram] Seems like a bit of a pathological case.
>> Could happen only if the sender behavior was incorrect.
>Yes, but 5.2 is verifier behaviour and ought not
>assume a correct signer, so I do think the alg
>presented here needs to cover such things.
Please see response below.
>> Sender is not required to know which algorithms a peer supports
>> but sender's expected behavior is this: MUST include a Signature_Block
> for the "current" algorithm (which every BGPsec speaker
>> MUST support through the transition period),
>Where does it say that the current/next thing applies
>to the entire world of BGPsec? I didn't read it that
>way as it happens, but rather that the current/next
>could involve different algorithms at different nodes
>at the same time.
>
>So e.g. I read it to be allowed that a migration from
>rsa/sha256 then to ecdsa then to eddsa could occur
>with some non-updated nodes still signing with rsa/sha256
>whilst some shiny new nodes are doing ecdsa and eddsa and
>others are in between.
>
>I do agree that a global current/next pair of algs
>is nicer, if that is what's wanted. But I don't recall
>the text saying that. (Again happy to check later, but
>no time right now;-)
The text does describe it in terms of
"a global current/new pair of algs" in Section 6.1 (p. 28, v-21):
"To this end, a mandatory algorithm suites document exists which
specifies a mandatory-to-use 'current' algorithm suite for use by all
BGPsec speakers [I-D.ietf-sidr-bgpsec-algs].
It is anticipated that, in the future, the mandatory algorithm suites
document will be updated to specify a transition from the 'current'
algorithm suite to a 'new' algorithm suite. During the period of
transition (likely a small number of years), all BGPsec update
messages SHOULD simultaneously use both the 'current' algorithm suite
and the 'new' algorithm suite. (Note that Section 3 and Section 4
specify how the BGPsec_Path attribute can contain signatures, in
parallel, for two algorithm suites.) Once the transition is
complete, use of the old 'current' algorithm will be deprecated, use
of the 'new' algorithm will be mandatory, …."
Thank you.
Sriram
- [sidr] Stephen Farrell's Discuss on draft-ietf-si… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Sean Turner
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Russ Housley
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Mehmet Adalier (Antara Teknik)
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Montgomery, Douglas (Fed)
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Montgomery, Douglas (Fed)
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Sriram, Kotikalapudi (Fed)
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Sriram, Kotikalapudi (Fed)
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Sriram, Kotikalapudi (Fed)
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [sidr] Stephen Farrell's Discuss on draft-iet… Randy Bush