IETF Logo Mail Archive

Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11

Michael Baer <baerm@tislabs.com> Thu, 26 February 2015 17:50 UTC

Return-Path: <baerm@tislabs.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 256241A1B15 for <sidr@ietfa.amsl.com>; Thu, 26 Feb 2015 09:50:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id amTu-0xWXTpM for <sidr@ietfa.amsl.com>; Thu, 26 Feb 2015 09:50:00 -0800 (PST)
Received: from mail.mikesoffice.com (dns.mikesoffice.com [75.101.48.145]) by ietfa.amsl.com (Postfix) with ESMTP id 7C6C11A040B for <sidr@ietf.org>; Thu, 26 Feb 2015 09:50:00 -0800 (PST)
Received: from localhost (unknown [IPv6:2001:470:1f05:274:3e97:eff:feba:52f]) by mail.mikesoffice.com (Postfix) with ESMTPSA id 1B620395D3A; Thu, 26 Feb 2015 09:50:00 -0800 (PST)
From: Michael Baer <baerm@tislabs.com>
To: Matthew Lepinski <mlepinski.ietf@gmail.com>
References: <54DA7C98.4040604@mandelberg.org> <D103DE3D.1041C%keyupate@cisco.com> <D104DC36.3310E%dougm@nist.gov> <m2wq3klab3.wl%randy@psg.com> <1423943624118.34986@nist.gov> <54E3D163.1040600@mandelberg.org> <CANTg3aAN9roAnK_3aeKnD3Y=maErB2=i5e+YaphxZe0hheWzVg@mail.gmail.com>
X-Face: "*g#dUT3; 8M9AE5dLk\\b4G\cNCQkRb.g/2QwEXQKf.:<GckOP:; wBMTb7\%Y"JI=R<M6g?6}tR)6Z7rp5X*24G\bkb!
Date: Thu, 26 Feb 2015 09:49:59 -0800
In-Reply-To: <CANTg3aAN9roAnK_3aeKnD3Y=maErB2=i5e+YaphxZe0hheWzVg@mail.gmail.com> (Matthew Lepinski's message of "Tue, 24 Feb 2015 12:38:07 -0500")
Message-ID: <87ioeor29k.fsf@rebma.mikesoffice.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/Y7ZoSo4KoZrc2CCigWaLENPiMFg>
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2015 17:50:02 -0000

I do not have any objection to the resolutions below, but I did notice
something else while looking at the NLRI processing for BGPsec.  For
prefixes that do not end on octet boundary, the value of the trailing
bits between the end of the prefix and the octet boundary are undefined.
Both RFC 4271 p20 and the multiprotocol RFC 4760 p7 use the same
language,

 "Note that the value of trailing bits is irrelevant."

I was unable to find text in another RFC or within the protocol draft
that explicitly sets these bits.  If any of those bits get changed from
what the originator signed, the signature will be invalid even though
the NLRI is otherwise valid according to the RFCs.  Practically
speaking, these bits likely get set to zero by most (all?) routers
anyway.  But it would probably be good to have text in the protocol
document explicitly setting them when creating signatures. Something
like,

"Any trailing bits in the NLRI prefix between the prefix length and the
next octet boundary are set to zero when calculating the signatures."

-Mike


>>>>> On Tue, 24 Feb 2015 12:38:07 -0500, Matthew Lepinski <mlepinski.ietf@gmail.com> said:

    ML> I am in the process of resolving issues in the bgpsec-protocol document in
    ML> order to get out a new version before Dallas.

    ML> Based on the discussion in this thread, I believe the best way forward is:
    ML> 1) Add a small amount of security considerations text to address the
    ML> original concern that David raised. (I believe the consensus is that this
    ML> concern cannot be converted into an actual attack. However, other readers
    ML> might reasonably have the same concern as David and so there is no harm
    ML> laying the concern to rest in security considerations.)

    ML> 2) Given that origin validation is now decoupled from path validation, we
    ML> will put the AFI under the BGPsec signature to avoid potential IPv4 vs IPv6
    ML> issues.

    ML> Any objections to this resolution of these issues?

    ML> - Matt Lepinski

    ML> On Tue, Feb 17, 2015 at 6:40 PM, David Mandelberg <david@mandelberg.org>
    ML> wrote:

    >> On 02/14/2015 02:53 PM, Sriram, Kotikalapudi wrote:
    >> > I agree that the solution should not merely rely on the presence of a
    >> validating ROA.
    >> > But there is some more detail here that is worth looking into. The path
    >> was fully signed
    >> > and assume all signatures are valid. Then clearly the origin AS actually
    >> announced it.
    >> > The question or ambiguity is: Did the origin AS announce 1.2.0.0/16
    >> (v4) or 102::/16 (v6)?
    >> > The ROA has AFI information, but the signed update does not (currently).
    >> >  https://tools.ietf.org/html/rfc6482#section-3.3
    >> >     “Within the ROAIPAddressFamily structure, addressFamily contains the
    >> >     Address Family Identifier (AFI) of an IP address family.  This
    >> >     specification only supports IPv4 and IPv6.  Therefore, addressFamily
    >> >     MUST be either 0001 or 0002.”
    >> >
    >> > Hence, as Keyur has surmised, there is a possibility that the ROA can
    >> help resolve the ambiguity here.
    >> > But the ambiguity would still persist if the same origin AS happens to
    >> have ROA(s) for
    >> > both prefixes 1.2.0.0/16 (v4) and 102::/16 (v6)  (though the
    >> probability is extremely small).
    >> > So, yes, a robust solution calls for something more than a validating
    >> ROA.
    >> > The ambiguity goes away if the AFI (of the announced prefix) is included
    >> by the origin AS
    >> > on the wire as well as in the sequence of octets that are signed.
    >> 
    >> When there's no attack, I don't think there's any ambiguity about what
    >> NLRI is being announced or withdrawn. RFC4760 seems to include (S)AFIs
    >> in the right places on the wire. The only change that I think needs to
    >> happen for this issue is including (S)AFIs in the data that's signed.
    >> 
    >> --
    >> David Eric Mandelberg / dseomn
    >> http://david.mandelberg.org/
    >> 
    >> 
    >> _______________________________________________
    >> sidr mailing list
    >> sidr@ietf.org
    >> https://www.ietf.org/mailman/listinfo/sidr
    >> 
    >> 

    ML> _______________________________________________
    ML> sidr mailing list
    ML> sidr@ietf.org
    ML> https://www.ietf.org/mailman/listinfo/sidr

-- 
Michael Baer
baerm@tislabs.com
Senior Software Engineer
Parsons Global Shared Services, Cyber Security Division
C: 530.902.3131

v2.23.0 | Report a Bug | By Email