IETF Logo Mail Archive

Re: [sidr] preventing SKI collisions

David Mandelberg <david@mandelberg.org> Mon, 05 October 2015 20:36 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7D251B4FD4 for <sidr@ietfa.amsl.com>; Mon, 5 Oct 2015 13:36:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2OWobhkQc2n for <sidr@ietfa.amsl.com>; Mon, 5 Oct 2015 13:36:06 -0700 (PDT)
Received: from nm16-vm6.access.bullet.mail.bf1.yahoo.com (nm16-vm6.access.bullet.mail.bf1.yahoo.com [216.109.115.53]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEB581B4FDE for <sidr@ietf.org>; Mon, 5 Oct 2015 13:36:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1444077365; bh=Ekg3hHfzKWdeiXIkGQfUXWie6lLXM4rDeyyH731Xx/0=; h=Date:From:To:Subject:In-Reply-To:References:From:Subject; b=J1dyp9AsUUk264jVCOD/KZAqaK/Voy6I5+Km9B1c4V9bHW3X7bv+oFY1NqRwX/2X1URYNWXoscLmy//CH8qlCGK/JEiZdnu75Py3uGWzndpYYoIRX0SqenwjbxFy4JLPDFkL4ICN0PY2iKEqwaA2G/VsvUHJSOujjDDE//pDX4XhJiQvB2c+20FWuSAuB+YVkJIFE3nHzg0u9wXbKeRgkkXsxgnSLIaxaGf9vrdT5yk92bbGWZKYESi+PIfP8IGUFulKIRNC+d2DpFauN5TJfaJ3/EEcd1Sfosz24Bt88l7Zw+SQMfm0m/3AXEGJ9GYBaMnIifp18mTq+kvkVxXxbg==
Received: from [66.196.81.162] by nm16.access.bullet.mail.bf1.yahoo.com with NNFMP; 05 Oct 2015 20:36:05 -0000
Received: from [98.138.104.99] by tm8.access.bullet.mail.bf1.yahoo.com with NNFMP; 05 Oct 2015 20:36:05 -0000
Received: from [127.0.0.1] by smtp119.sbc.mail.ne1.yahoo.com with NNFMP; 05 Oct 2015 20:36:04 -0000
X-Yahoo-Newman-Id: 966392.71261.bm@smtp119.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: c3pijMAVM1m21SMWTyXGW2PfNPIkb6d_Z_rLgshHEJGh3gC gOGwbwSv591uMnRSwTJZqLKaK98pF2bQQcGFl1MhBVwYDl8Dz6ynb.Ara76G kRkW6YLcQGxBnjLWDbQPkDxcIYsLHSC4QKZ_sG9zp522JLDzwDG1Q.cJ8ivz EhT6G8QX_QsrByvfHTNG.GJnf9DvHZABtIsxbg.isrL5pTFVArkIodO.TDlj lP_ul2egzGDGAM7KJdx92E0rlfxZLtWxT28Ymc.n27QM3QRiS5xh97.HDH4V Ccl3bGp47ZTTz47wBSMfajBYJLMIXmCI0AzISmyGr4d1W6ecJl6_abHdV93i k4rJzIAcbxbxESy.7Vy4DDgGXJjJ1jCnrP.1A45l6EEP5gYAAVjOaM8SHuN5 NJGhCpeZ2Tj4THMXz4V1aPZH63VKvWxSNdHaXVWqwULLXdHv1Psi2N7JEe7M aHfbbN3OPDby47bSZvO.QWGQJivnCzn1V3Ie8fqcmkcvqBgVoLwOEuAmZY.I G8geqaUbjc22Zb4rS_C8btdPgowW0gRz3wrYaEQ--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from secure.mandelberg.org (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id CFE7F1C6033 for <sidr@ietf.org>; Mon, 5 Oct 2015 16:36:03 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Date: Mon, 05 Oct 2015 16:36:03 -0400
From: David Mandelberg <david@mandelberg.org>
To: sidr@ietf.org
In-Reply-To: <D008D28C-FC51-4AB7-9F73-C2435408AED6@ieca.com>
References: <555F436F.3080003@bbn.com> <2BF75857-6A5F-4260-B13B-0B9F6CE3FD98@ieca.com> <197E8AEA-D554-4DB4-885E-CFD55EF9E774@ripe.net> <m2wpx7pes6.wl%randy@psg.com> <55C4D7C8.4000401@bbn.com> <97B4FBD1-BCE6-4D37-BC0C-07A211347FBF@ieca.com> <55CA4901.4010007@bbn.com> <D008D28C-FC51-4AB7-9F73-C2435408AED6@ieca.com>
Message-ID: <c6af9ec70934494a2e0dd965c3fe753b@mail.mandelberg.org>
X-Sender: david@mandelberg.org
User-Agent: Roundcube Webmail/0.7.2
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/He0IRVvAFeb31EHozuFL8qwtwJk>
Subject: Re: [sidr] preventing SKI collisions
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 20:36:07 -0000

On 2015-09-16 10:38, Sean Turner wrote:
> Okay so I think we’re in agreement here that we don’t work on #3 now,
> but I’m also thinking that we should leave #1 and #2 alone for now.
> If we think a SHA-1 hash for the RPKI’s KIs are good enough now, then
> it sounds like it's also good enough for BGPsec.  It seems really odd
> that we do something different in BGPsec than what is done in the 
> rest
> of the RPKI.  So, I’m proposing that:

I was about to argue that BGPsec's requirements for KIs are inherently 
different than the rest of the RPKI's requirements for KIs, but then I 
realized that I only thought that way because I'm implementing the 
relying party side of things and not the BGPsec-enabled router side. So 
I now agree with you that we can leave #1 and #2 alone for now, but only 
if we do #4 (which I just made up):

4. Add text warning relying parties to detect malicious CAs that cause 
too many KI collisions, and blacklist those CAs. Similarly, warn routers 
and/or rpki-rtr caches to detect AS numbers with too many public keys 
sharing the same SKI, and blacklist those AS numbers.

In both router certs and other RPKI certs, the KIs are used as an 
optimization in the selection of a public key (BGPsec) or certificate 
(RPKI) to use for BGPsec validation (BGPsec) or certificate path 
validation (RPKI). If there are too many KI collisions, then this 
optimization stops working well, and it's possible for a malicious CA to 
DoS a router (router cert SKI collisions) or relying party (CA cert SKI 
collisions). In either case, the DoS could be prevented by reducing the 
probability of collisions (your #1-3), or by detecting and ignoring the 
malicious CA (my #4).

By the way, I think your #1 might be easier than my #4, but either one 
would prevent the issue Richard discovered.

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/

v2.23.0 | Report a Bug | By Email