IETF Logo Mail Archive

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 04 June 2011 16:38 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AE7BE06C3 for <sidr@ietfa.amsl.com>; Sat, 4 Jun 2011 09:38:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5sJ1-Vz2vOI5 for <sidr@ietfa.amsl.com>; Sat, 4 Jun 2011 09:38:39 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 30324E06C1 for <sidr@ietf.org>; Sat, 4 Jun 2011 09:38:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 78E84171C03; Sat, 4 Jun 2011 17:38:38 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1307205516; bh=/+WO3slI9HQl1C yMLmH8A0cM5kWUMWT7JYY7yipA3QA=; b=iz0fnAeXY5Sul8l9OB4JMnqWnhJuh9 kCdh8e+l93YYpnxO9t0qUOc1triUsO26pbeuWVOiOVmrAsIXpAzGBVsQdb9DTrKG CAHU7Hp0jROWGjXHMSZiGNj8mHkdkcw7+UTj7EThJxsVMSpBaaEALPMdS9n5M+ys W+3OJoqHH0Vs4dAGO9P0M3E8vVxwgFKwdJqOyVgR1TWbFP9lgAiUeIxRirjCyQhc uQfIF0C7Oh5w7Ple8FNWNP735kHDqzAvh/UXQdh6EuItTptANc85kGJyBGC1jyCV OYPnPzMzCM6uzTAo238X8+AG+uWrdO6ZPtwLdvAQTaiqtezOgnL+Vqxw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id U3YgL90s8hw2; Sat, 4 Jun 2011 17:38:36 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.45.54.169]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 7C663171D0D; Sat, 4 Jun 2011 17:38:35 +0100 (IST)
Message-ID: <4DEA5F8B.8060804@cs.tcd.ie>
Date: Sat, 04 Jun 2011 17:38:35 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Christopher Morrow <morrowc.lists@gmail.com>
References: <4DAF44AC.8060408@isi.edu> <BANLkTikLi2p7UipJ!TRSQqVOL6GkLn=j9iA@mail.gmail.com> <F0FABE61-FC1D-45ED-A21D-ED7A1228A997@isi.edu> <01eb01cc0325$6e4fd260$4001a8c0@gateway.2wire.net> <4DB592B3.3090805@isi.edu> <033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net> <4DB9A456.3060709@isi.edu> <BANLkTikg18FV5H0bOdOfWMzpTcm_B__EVQ@mail.gmail.com> <017b01cc13ff$0cb6da40$4001a8c0@gateway.2wire.net> <BANLkTink82qvhge6rRhqt5+h-2mEkKBMhA@mail.gmail.com> <m21uzwr3tw.wl%randy@psg.com> <BANLkTimPnMfE1ii=6uwAckoFY0yUU=w43g@mail.gmail.com> <BANLkTinu8pxxCj4cdJzbS3z5h=8=s+U3Gw@mail.gmail.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E006@EUSAACMS0701.eamcs.ericsson.se> <Pine.WNT.4.64.1106031624560.2148@SMURPHY-LT.columbia.ads.sparta.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E04A@EUSAACMS0701.eamcs.ericsson.se> <BANLkTi=OcqYbBReP+F+6e+mdqySEWPkq4Q@mail.gmail.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E0E3@EUSAACMS0701.eamcs.ericsson.se> <BANLkTikqeHdq15P7yC1A6owtrKGBWQsKkQ@mail.gmail.co m>
In-Reply-To: <BANLkTikqeHdq15P7yC1A6owtrKGBWQsKkQ@mail.gmail.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Sandra Murphy <Sandra.Murphy@sparta.com>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jun 2011 16:38:40 -0000

Hi all,

Trying to catch up with you all here.

>From reading the mail thread it seems to me that:

- tcp-md5 is available but undesirable
- tcp-ao is desirable but unavailable so far
- ssh is available and slightly undesirable for
  performance reasons but desirable in
  security terms

That would imply that an answer might be:

MUST implement SSH; SHOULD implement TCP-AO and
MUST/SHOULD prefer TCP-AO over SSH if both
available

Would that garner (rough) consensus?

We really do want to deprecate tcp-md5.

Cheers,
Stephen.

On 04/06/11 03:26, Christopher Morrow wrote:
> On Fri, Jun 3, 2011 at 10:15 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>>
>>
>> -----Original Message-----
>> From: christopher.morrow@gmail.com [mailto:christopher.morrow@gmail.com] On Behalf Of Christopher Morrow
>> Sent: Friday, June 03, 2011 6:11 PM
>> To: Uma Chunduri
>> Cc: Sandra Murphy; stephen.farrell@cs.tcd.ie; sidr@ietf.org
>> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>>
>> On Fri, Jun 3, 2011 at 5:28 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>>>
>>>
>>> -----Original Message-----
>>> From: Sandra Murphy [mailto:Sandra.Murphy@sparta.com]
>>> Sent: Friday, June 03, 2011 1:43 PM
>>> To: Uma Chunduri
>>> Cc: sidr@ietf.org; Sean Turner; stephen.farrell@cs.tcd.ie
>>> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>>>
>>>
>>> On Fri, 3 Jun 2011, Uma Chunduri wrote:
>>>
>>>>
>>>>
>>> ....
>>>
>>>>
>>>> True, privacy through SSH is overkill but strong AUTH is *critical*, I feel:
>>>>   - TCP-MD5 should not be considered (as it is any ways deprecated
>>>> and it's MD5)
>>>>   - TCP-AO has only slight advantage as it has less overhead than
>>>> ipsec-AH even when
>>>>     deployed with manual keys
>>>>   - but it's better if it is "MUST support authentication of nodes
>>>> with TCP-AO or ipsec-AH" because
>>>
>>> Just to be sure:
>>>
>>> Did you understand the part about implementations of TCP-AO and ipsec-AH not being available at present?
>>>
>>> I.e., you recognize this forces a delay in implementation of the protocol (and accept the consequent impact on deployment of the RPKI)?
>>>
>>> [Uma] Yes, I did. Even though operators don't like  ipsec-AH today, it
>>> is still deployed for OSPFv3 protection as that (of course now there are other drafts to mitigate complexity with reasonable trade-off).
>>>
>>
>> So, speaking as just another guy on the bus here... it's not about 'dont like it' it's about "THE CODE ON THE ROUTER DOES NOT DO IPSEC"
>>
>> Keep in mind that a router is not a generic CPU + intel ethernet PCI card, and often the OS on it is optomized for a particular duty, in large iron routers it's NOT ipsec.
>>
>>> Problem with MD5 is, it can present the *weakest* link for the whole RPKI infa.
>>> At least new infrastructure like RPKI should avoid deprecated  stuff.
>>
>> exactly how is MD5 the weakest link here? some particular words about the threat model + ability to subvert a running session which ships a few megabytes/minute around would be in order here.
>>
>> [Uma]
>>
>> 1. Wang, X., H. Yu, "How to break MD5 and other hash
>>             functions", Proc. IACR Eurocrypt 2005, Denmark
> 
> depends on creating 2 items to hash I believe?  shows that if you do
> the right thing for 2 very large items you create you can get a
> collision in some instances. not picking random bits off the wire, not
> relevant, move on.
> 
>> 2. RFC 4270
> 
> talks about the above, not relevant.
> 
>>
>> 3. long back even OSPF, ISIS etc.. moved away from MD5
> 
> fear, uncertainty, doubt.
> 
> we aren't talking about a permanent use of md5, we're talking about:
> Use something that provides authentication/assurance NOW so we can
> move forward, knowing full well we'll change to the better/required
> solution when it's available in the right places.
> 
> There's not a single AO implementation available today... it's DOA
> until there is. (frankly it's kind of a failure that there aren't
> widely deployed implementations of this... given all the time to
> invent it and all)
> 
>> 4. ...
>>
>> For that matter SHA1 is getting deprecated http://securitymusings.com/article/1587/algorithm-and-key-length-deprecation
>>
> 
> again, not relevant.
> 
> please find something relevant that's not just fear mongering. Or,
> alternately, find implementations of AO in the servers and routers
> that matter. (if there are AO implementations w00t! we all win, until
> then we spin)
> 
> -chris
> <regular guy socks==on>
> 
>>
>> Getting public keys from a server with a  deprecated auth mechanism to verify RSA signature?
>> it's obscure..and not sure why it's not considered weak.
>> Well, one can still use and design systems around this if this is still seen adequate.
>>
>> -Uma
>>
>>
>>
>>
>> -chris
>> <just a guy>
>>
>>> -Uma
>>>
>>>
>>> --Sandy, speaking as wg co-chair
>>>
>>>
>>>>     as both support
>>>>           - strong auth algos
>>>>           - algo agility
>>>>           - can be deployed with manual and auto key management
>>>>            (auto key probably required eventually, once with lot of
>>>> connections at
>>>>             cache/global RPKI/server side and for automatic key
>>>>             changes periodically)
>>>>           - key changes for existing sessions
>>>>
>>>>    One would get flexibility with this.
>>>>    Also Section 7 (page 16)
>>>>    "It is assumed that the router and cache have exchanged keys out of band by some reasonably secured means"
>>>>    This will be still applicable but only if TCP-AO/ipsce-AH are deployed with manual keys.
>>>>
>>>> 2 cents,
>>>> -Uma
>>>>
>>>>
>>>> _______________________________________________
>>>> sidr mailing list
>>>> sidr@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sidr
>>>>
>>> _______________________________________________
>>> sidr mailing list
>>> sidr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sidr
>>>
>>

v2.23.0 | Report a Bug | By Email