Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
David Mandelberg <david@mandelberg.org> Tue, 10 February 2015 21:48 UTC
Return-Path: <david@mandelberg.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04BAA1A86F7 for <sidr@ietfa.amsl.com>; Tue, 10 Feb 2015 13:48:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tvPqHB7uya1i for <sidr@ietfa.amsl.com>; Tue, 10 Feb 2015 13:48:01 -0800 (PST)
Received: from nm26-vm4.access.bullet.mail.gq1.yahoo.com (nm26-vm4.access.bullet.mail.gq1.yahoo.com [216.39.63.114]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AFC31A19FA for <sidr@ietf.org>; Tue, 10 Feb 2015 13:48:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1423604880; bh=/MiVZk5T1y4r+tDdGA3LtVJyAypgaCwqXxomrwx8eKU=; h=Date:From:To:Subject:References:In-Reply-To:From:Subject; b=XmZBfZys9styChwOrYCeGlw/vHUqdkTWOjSpyFWhyqWM7vKCsWa7E0LHhjPPm0hC6unVbRABRU7Xpg4PDuAx7VuVUMsp9H+0AUCbm1pCg7KxwkhwYsG1XJMf2Yw2/MNho7dXFimQ9xAF0OGLrTVcfX8KtqF6zXcCjz6TnjXV3nyCOKEKgUIhyoDaO8G1pRTyQI+naGxBLXS6kiTvrMj50FQxX55rgCKMMukbZ0ue9JZy29wzvVcjoXlGQ9oCPCr0FWNjIdKVMt/cU+c7FMVtx0WJZNh6nsArlMUgBoqGdn4lQCsQ2TG+qalPTW8zoUxQGD8gX27ASv0J2Iqbnu78iA==
Received: from [216.39.60.166] by nm26.access.bullet.mail.gq1.yahoo.com with NNFMP; 10 Feb 2015 21:48:00 -0000
Received: from [98.138.104.97] by tm2.access.bullet.mail.gq1.yahoo.com with NNFMP; 10 Feb 2015 21:48:00 -0000
Received: from [127.0.0.1] by smtp117.sbc.mail.ne1.yahoo.com with NNFMP; 10 Feb 2015 21:48:00 -0000
X-Yahoo-Newman-Id: 622214.60801.bm@smtp117.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: tId_3vgVM1lWbs5QvHtpoyXD..ry3abIKd_JDft6GFFSySR 1pBWcJxmTLTcul9SnhTo82fh5sm_LH5bVOH86zgKRvEw2DZhl10vaN_dhGsK J01UxZC6Fr9lm8Spkrqjb1cZl9Scdsj_arnEpXWYLaWQ_nq8YNt1XT8VLfVm LVdM5QvvbHCMyQXvfgk8kcr6.0w2kBccG5CahxB2lQ0NJaGyCRZQkip.X5yk h2HLuLCpSBu2dztk3HA69JrB9RbX9bbmERNo9zPgMl6zXp7.jLkwNaRW0a_V 18RU2cbVOLFJRg5iQ_5pMywA77g8mj15waJ4Z9Loi7ZRFmuZ8rYBF7KFN3SR 3w3mOt61OwPi3UM0f95FQ.0IcsXK76du8x2nm0wXU8WH_NWI7zw7QFPGqKYe O6zJSg8nr3whZ3f4GZbY1MhzT425CcOYkvg0nz54tNIx8uG_JIgBkxkWowrv qPJKiYAVf6rFlcbP53tpLsJ1P10VUUx4u6XXR1cLMOMq90u4eMGKk5vZmorm VCgdA.x3YW2Jwf7ug7O9pcwPrk49tpfCWONz9RYpyqNgSuHhOeTmmXi53hPV tgRpPU7iZAz5NqulTP3y.j5yU2eugKhjbRj8ytLugweweHr2.EKTzDQ6IVBt bQssZ0Rs-
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from [192.168.1.13] (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 3E3E71C6029 for <sidr@ietf.org>; Tue, 10 Feb 2015 16:47:59 -0500 (EST)
Message-ID: <54DA7C98.4040604@mandelberg.org>
Date: Tue, 10 Feb 2015 16:48:08 -0500
From: David Mandelberg <david@mandelberg.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: sidr@ietf.org
References: <4C184296-F426-40EF-9DB6-3AE87C42B516@tislabs.com> <82de0e0b8d59df99675cf4eb22996d08@mail.mandelberg.org> <87iof9r8wg.fsf@rebma.mikesoffice.com>
In-Reply-To: <87iof9r8wg.fsf@rebma.mikesoffice.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="NvX6a6Tpjkimbc7RlfbHEoARBE5P9wWxu"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/XiuDCIbOH2Hc5KnWoEvse-s_L6w>
Subject: Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2015 21:48:03 -0000
All, while coming up with the example below, I realized another issue. The structure in 4.1 doesn't include an Address Family Identifier. Unless I missed something, this means that a signature for 1.2.0.0/16 would be exactly the same as a signature for 102::/16. This would be a much more practical attack than the one I originally though of. Michael, response to your comment is below. On 02/10/2015 12:09 PM, Michael Baer wrote: > I don't believe this is a problem. The signature is calculated by > creating a digest of the data and then creating a signature from that > digest. I'm definitely not a cryptography expert, but my understanding > of digest functions generally is that with even slightly differing > input, the resulting set of bits should be completely different. > Assuming the digest function chosen is not flawed, there shouldn't be a > set of bits from the digest of 4.1 that could be used to successfully > replace the digest of 4.2, except by chance. You're right about digest algorithms being highly sensitive to changes in the input, but the issue I described is when the two inputs are equal, not just similar. For example, if a router signed the below values in the structure from 4.2: Target AS Number = 0x01020304 Origin AS Number = 0x05060708 pCount = 0x01 Flags = 0x00 Most Recent Sig Field = 0x00700102030405060708090a0b0c0d0e (See Sriram's email for why this would never actually happen with the current algorithm suite's signature length.) Then the router signed the digest of the bytes 0x0102030405060708010000700102030405060708090a0b0c0d0e. However, these exact same bytes could appear to have come from the structure in 4.1 with these values: Target AS Number = 0x01020304 Origin AS Number = 0x05060708 pCount = 0x01 Flags = 0x00 Algorithm Suite Id = 0x00 NLRI Length = 0x70 (112 bits = 14 bytes) NLRI Prefix = 0x0102030405060708090a0b0c0d0e Note that the first 16 bits of 4.2's Most Recent Sig Field can't be any values. The first 8 have to match the Algorithm Suite ID (1 possible value). The next 8 have to be a valid number of bits for the number of bytes in the prefix (8 possible values). This means that there's only a 2^-13 chance that a single random Most Recent Sig Field of the appropriate length could be reinterpreted successfully. However, with more than 2^13 signatures floating around the Internet, that's not good odds. -- David Eric Mandelberg / dseomn http://david.mandelberg.org/
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11 Sandra Murphy
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… George, Wes
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- [sidr] David M's point about the bgpsec protocol … Sandra Murphy
- Re: [sidr] David M's point about the bgpsec proto… Randy Bush
- Re: [sidr] David M's point about the bgpsec proto… Randy Bush
- Re: [sidr] David M's point about the bgpsec proto… Sandra Murphy
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Keyur Patel (keyupate)
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Montgomery, Douglas
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Randy Bush
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Matthew Lepinski
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- [sidr] Levels of BGPsec/RPKI validation, was: Re:… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Roque Gagliano (rogaglia)
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… David Mandelberg
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sandra Murphy
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Roque Gagliano (rogaglia)
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Geoff Huston
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Jared Mauch
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Tim Bruijnzeels
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Matthew Lepinski
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Matthew Lepinski
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Sriram, Kotikalapudi
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Stephen Kent
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Stephen Kent
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Sriram, Kotikalapudi