Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
"Keyur Patel (keyupate)" <keyupate@cisco.com> Sat, 14 February 2015 01:03 UTC
Return-Path: <keyupate@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88A601A00FF for <sidr@ietfa.amsl.com>; Fri, 13 Feb 2015 17:03:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtPIN2SmSHvs for <sidr@ietfa.amsl.com>; Fri, 13 Feb 2015 17:03:50 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 913E51A03A9 for <sidr@ietf.org>; Fri, 13 Feb 2015 17:03:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2765; q=dns/txt; s=iport; t=1423875830; x=1425085430; h=from:to:subject:date:message-id:in-reply-to:content-id: content-transfer-encoding:mime-version; bh=OEYJXT/cn1THWOgEojWrVLirkWjHL8EYGjQuNOpKqcE=; b=EaRLGoqMkkcGueXvzazBX1GFitpAF9RBnlFUfAP9TChoWKrmhwyfCWZl ZftsVeante0G49WwmsRymT77GYwVuvhJLkeEgfTpAnWxuJ8FLhk4v3HaH zKXnCK632DpZPT9nieE19fdA1pbETloR28u5Fq8GOCJNTSJyT2C6Ywk3d o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmQFABie3lStJA2N/2dsb2JhbABbgwZSWgTCKoV1AoERQwEBAQEBAXyEDQEBBGsgAQgYYCUCBAESiC3UYAEBAQEBBQEBAQEeiwyECxEBV4QqBYoJhSuDVoVfgRg4jXeDPiKBfx+BUG+BBAcXBhx/AQEB
X-IronPort-AV: E=Sophos;i="5.09,574,1418083200"; d="scan'208";a="392925928"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-1.cisco.com with ESMTP; 14 Feb 2015 01:03:49 +0000
Received: from xhc-aln-x13.cisco.com (xhc-aln-x13.cisco.com [173.36.12.87]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t1E13nSf029250 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sat, 14 Feb 2015 01:03:49 GMT
Received: from xmb-aln-x09.cisco.com ([169.254.4.43]) by xhc-aln-x13.cisco.com ([173.36.12.87]) with mapi id 14.03.0195.001; Fri, 13 Feb 2015 19:03:49 -0600
From: "Keyur Patel (keyupate)" <keyupate@cisco.com>
To: David Mandelberg <david@mandelberg.org>, "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
Thread-Index: AQHQR/IX9pGexz7OlEWPwIvxYzjWpA==
Date: Sat, 14 Feb 2015 01:03:48 +0000
Message-ID: <D103DE3D.1041C%keyupate@cisco.com>
In-Reply-To: <54DA7C98.4040604@mandelberg.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.8.130913
x-originating-ip: [10.24.123.137]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <FDF65CCE24D19A42BAC7B534C10CC8E0@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/RvxQM_YrZOVmwHLisQM0w0bn7l4>
Subject: Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Feb 2015 01:03:54 -0000
Hi David, On 2/10/15, 1:48 PM, "David Mandelberg" <david@mandelberg.org> wrote: >All, while coming up with the example below, I realized another issue. >The structure in 4.1 doesn't include an Address Family Identifier. >Unless I missed something, this means that a signature for 1.2.0.0/16 >would be exactly the same as a signature for 102::/16. This would be a >much more practical attack than the one I originally though of. But, isn¹t this issue covered by origin-AS validation? Regards, Keyur > >Michael, response to your comment is below. > >On 02/10/2015 12:09 PM, Michael Baer wrote: >> I don't believe this is a problem. The signature is calculated by >> creating a digest of the data and then creating a signature from that >> digest. I'm definitely not a cryptography expert, but my understanding >> of digest functions generally is that with even slightly differing >> input, the resulting set of bits should be completely different. >> Assuming the digest function chosen is not flawed, there shouldn't be a >> set of bits from the digest of 4.1 that could be used to successfully >> replace the digest of 4.2, except by chance. > >You're right about digest algorithms being highly sensitive to changes >in the input, but the issue I described is when the two inputs are >equal, not just similar. For example, if a router signed the below >values in the structure from 4.2: > >Target AS Number = 0x01020304 >Origin AS Number = 0x05060708 >pCount = 0x01 >Flags = 0x00 >Most Recent Sig Field = 0x00700102030405060708090a0b0c0d0e (See Sriram's >email for why this would never actually happen with the current >algorithm suite's signature length.) > >Then the router signed the digest of the bytes >0x0102030405060708010000700102030405060708090a0b0c0d0e. However, these >exact same bytes could appear to have come from the structure in 4.1 >with these values: > >Target AS Number = 0x01020304 >Origin AS Number = 0x05060708 >pCount = 0x01 >Flags = 0x00 >Algorithm Suite Id = 0x00 >NLRI Length = 0x70 (112 bits = 14 bytes) >NLRI Prefix = 0x0102030405060708090a0b0c0d0e > >Note that the first 16 bits of 4.2's Most Recent Sig Field can't be any >values. The first 8 have to match the Algorithm Suite ID (1 possible >value). The next 8 have to be a valid number of bits for the number of >bytes in the prefix (8 possible values). This means that there's only a >2^-13 chance that a single random Most Recent Sig Field of the >appropriate length could be reinterpreted successfully. However, with >more than 2^13 signatures floating around the Internet, that's not good >odds. > >-- >David Eric Mandelberg / dseomn >http://david.mandelberg.org/ >
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11 Sandra Murphy
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… George, Wes
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- [sidr] David M's point about the bgpsec protocol … Sandra Murphy
- Re: [sidr] David M's point about the bgpsec proto… Randy Bush
- Re: [sidr] David M's point about the bgpsec proto… Randy Bush
- Re: [sidr] David M's point about the bgpsec proto… Sandra Murphy
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Keyur Patel (keyupate)
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Montgomery, Douglas
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Randy Bush
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Matthew Lepinski
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- [sidr] Levels of BGPsec/RPKI validation, was: Re:… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Roque Gagliano (rogaglia)
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… David Mandelberg
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sandra Murphy
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Roque Gagliano (rogaglia)
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Geoff Huston
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Jared Mauch
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Tim Bruijnzeels
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Matthew Lepinski
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Matthew Lepinski
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Sriram, Kotikalapudi
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Stephen Kent
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Stephen Kent
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Sriram, Kotikalapudi