Re: [sidr] The question about https certificates and frequency of mft/crl re-issuance
Stephen Kent <kent@bbn.com> Mon, 13 June 2016 20:10 UTC
Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A771D12D614 for <sidr@ietfa.amsl.com>; Mon, 13 Jun 2016 13:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.627
X-Spam-Level:
X-Spam-Status: No, score=-4.627 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FSL_HELO_HOME=1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4ShQ5lTzutI for <sidr@ietfa.amsl.com>; Mon, 13 Jun 2016 13:10:45 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B009A12D62D for <sidr@ietf.org>; Mon, 13 Jun 2016 13:10:40 -0700 (PDT)
Received: from ssh.bbn.com ([192.1.122.15]:51682 helo=COMSEC.fios-router.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1bCYBz-000PQW-Fx for sidr@ietf.org; Mon, 13 Jun 2016 16:10:39 -0400
To: sidr@ietf.org
References: <1CD27ACC-F5D2-4F11-8DD5-2B1F42544406@ripe.net>
From: Stephen Kent <kent@bbn.com>
Message-ID: <396e87de-9ed6-a49d-2f17-68a1a43df60d@bbn.com>
Date: Mon, 13 Jun 2016 16:10:39 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1CD27ACC-F5D2-4F11-8DD5-2B1F42544406@ripe.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/Z-Ej_wnNmBHhtuGCOu4od5Mf6lc>
Subject: Re: [sidr] The question about https certificates and frequency of mft/crl re-issuance
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2016 20:10:47 -0000
Tim, Sorry to have not replied sooner. > Hi all, > > I promised to take this to list. > > So, as presented today, the volume of updates of MFTs and CRLs in the RIPE NCC repository vs updates of ROAs is about 1000:1. This is a bad signal -to-noise ratio that causes waste of cycles and bandwidth. > > = Why this noisy? MITM.. > We get this, because we use a 'next update time' of 24 hours, but we actually republish every 8 hours to make sure that we can fix issues before things go stale. In my understanding we need this because of man-in-the-middle attacks involving replay or withhold. And rsync is vulnerable to this (clear text, and no authentication of server). If an RP is being fed old data, they would notice that something is wrong within 24 hours. A longer period seems scary.. If this understanding is wrong I would love to be educated. I think an 8-hour cycle is very much overkill, despite the good intentions that motivated it. An RP should detect when a manifest is stale, since the manifest carries a next publication date. It's a local matter as to how stale a Manifest can be before an RP sounds an alarm. The actions an RP MAY take in the face of a stale Manifest are also largely a local matter, as per RFC 6486. So, I don't think an 8-hour re-pub rate is warranted given these local policy aspects of Manifest processing. Similarly, daily CRL publication strikes me as overkill as well. Yes, it's nice to be able to say that IF there were a need to revoke a cert, everyone could know about that in 24 hours. BUT, revocations in many PKIs are fairly rare, and in the RPKI they seem very infrequent as well, right? I'd suggest a default next update frequency for both CRLs and Manifests of 1 week. This should be shortened if a resource is about to be transferred, or there is a planned key rollover, etc. If we adopt 1 week as the default, then pushing out new versions every 3-4 days would be reasonable, IMHO. These changes would reduce churn by a factor of 10 or so. > = Solved by https? > But assuming this does make sense, I wondered whether RRDP with httpS offers a way out of this. With RRDP a CA signs a certificate with an https URL like: https//my.repository.example.org/notification.xml. We can trust this because it's on a signed certificate. Now, if we can also exclude mitm, because we can trust the httpS certificate, this would allow for a much longer period 'next update time'. And in the meantime the RP would still learn about updates before this, because the notification.xml is checked regularly and would include any changes ahead of this. I'm not sure I understand the analysis above. In the current scheme, the next update times for CRLs and Manifests are signed objects too. yes, an RP could learn about an earlier update IF there is no attack that prevents timely dissemination of the notification file. But, what prevents an attacker from delaying such notifications? I'll have to think about your TA questions some more before replying. Steve
- Re: [sidr] come on people Re: The question about … Rob Austein
- Re: [sidr] come on people Re: The question about … Tim Bruijnzeels
- Re: [sidr] come on people Re: The question about … Randy Bush
- Re: [sidr] come on people Re: The question about … Sandra Murphy
- [sidr] The question about https certificates and … Tim Bruijnzeels
- [sidr] come on people Re: The question about http… Sandra Murphy
- Re: [sidr] The question about https certificates … Stephen Kent