IETF Logo Mail Archive

Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11

David Mandelberg <david@mandelberg.org> Mon, 09 February 2015 20:17 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4A971A88A4 for <sidr@ietfa.amsl.com>; Mon, 9 Feb 2015 12:17:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2LJsB7gpT86b for <sidr@ietfa.amsl.com>; Mon, 9 Feb 2015 12:16:56 -0800 (PST)
Received: from nm16-vm8.access.bullet.mail.gq1.yahoo.com (nm16-vm8.access.bullet.mail.gq1.yahoo.com [216.39.63.224]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FD2F1A8864 for <sidr@ietf.org>; Mon, 9 Feb 2015 12:16:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1423513016; bh=lnCUDOKmsHAZ+S3tJYZ/TzfUdwFQ+SCSIWXLmJv9uak=; h=Date:From:To:Subject:In-Reply-To:References:From:Subject; b=kZFgXmtFoYjEminZeM1r48lQm2N3LJ3WVuyqKdP1Tp0X+41E/JwKwD8G2HY78ta8M9/HPjrc6dJ4HU8ZE5LxdwFXZJIj1Y+VQa0yPz+QjVNKrexsAretaibJ4GW/UMuX1QEq/8ljYJZYdSWzwgOZETud9iPioRMF4wYKGf1v2emky2llCbdsDIx4rh4drCitVvXkL++12hy6FlIim7KeT6XO22R4YMReZ2T95yl+wbngBvR0EjKmBlT0b1OgCWosmQ3soITKVpd4YNEZcz6G93/TZXentZZweVnodPu0qqPPCROz+qLyN3j1Vrb8D5krrOoVjZ/7CpAHwiCWzhgw7A==
Received: from [216.39.60.171] by nm16.access.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2015 20:16:56 -0000
Received: from [98.138.226.241] by tm7.access.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2015 20:16:56 -0000
Received: from [127.0.0.1] by smtp112.sbc.mail.ne1.yahoo.com with NNFMP; 09 Feb 2015 20:16:56 -0000
X-Yahoo-Newman-Id: 129169.43184.bm@smtp112.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 9YHrl6QVM1nm2nJ1f4ycQAL91aZp.Wg961o0UT3S.wQRpWk .Bru2Ug8REhu5i_aZc7wE7HwH086HE_ETpPAwTzLokbdilvCOOrcNqsmK_N1 dqZW_jSJDJU.7nMJkjIJqpWe4Xwnz4jAhj1JBTkqnqQzdC2Oj3EWlDzPHeCi 24WrBjqFHrNwUm.pHmBp9OUlV2ZJb6nAMgvl6o.u3fl6ebY3wGahtXsQc2kU 76BYKN8IAEB0H31hl7hkeHSzRRRxEabH_4TI_V_q3EEA_q9.SpI1YCSCXb1z Bmy4JS72wpZsffc_fT67GjgVus0P60ALhViCO.9KRXq.zzl3s_yoHAanAofC BexMTcCBA4ZdY3lpgegVgZGUleGRcZpXLk2.p8Q_TrFFJoKt5x.2eUGrjhfL sbB01KdBFsvExtvsjityCUHBX0JBrfriwogjXUCm_03INOfqmpDqeMQjaf0u Ch62D7Bi8apU78q29wWiu9YxTGNhCv9odcZAX8ForstOiSwvHO56Dp0bQeoq mZ5VoqkNRwSpJNlmhG0frg5vUu2SuPTDu6iz3mcICqvlGMPv1R_dSsFjyJOU EaQJie0SbGiaN7S6Y7zcIBpW6xI0kCcYwtfy8BeiCYLXrGSJ3bA--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from secure.mandelberg.org (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id CAA411C6029 for <sidr@ietf.org>; Mon, 9 Feb 2015 15:16:54 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Mon, 09 Feb 2015 15:16:54 -0500
From: David Mandelberg <david@mandelberg.org>
To: sidr@ietf.org
In-Reply-To: <1423351717341.84961@nist.gov>
References: <4C184296-F426-40EF-9DB6-3AE87C42B516@tislabs.com>, <82de0e0b8d59df99675cf4eb22996d08@mail.mandelberg.org> <1423351717341.84961@nist.gov>
Message-ID: <372b33e64a0cb7c5f516dd88a09b9e8a@mail.mandelberg.org>
X-Sender: david@mandelberg.org
User-Agent: Roundcube Webmail/0.7.2
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/ZH8OQhDBZYRP99k_MYjXJ12CWzw>
Subject: Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Feb 2015 20:17:03 -0000

On 2015-02-07 18:28, Sriram, Kotikalapudi wrote:
>>It might be possible for an attacker to take a valid signature of 
>> data from the structure in 4.2,
>>and present it as a valid signature of the same bytes interpreted 
>> with the structure in 4.1.
>
> If you have worked out a concrete example showing how the attack 
> works,
> it would be good to see that. For this type of attack to be feasible,
> is it required that the size
> of the signature field equals the combined size of {Alg. ID, NLRI
> length, NLRI prefix}?

Yes, that's correct.

> If yes, observe that the size of the signature field (ECDSA-P256) =
> 64 octets + a few variable #octets,
> and the combined size of {Alg. ID, NLRI length, NLRI prefix} is
> either 6 octets (IPv4) or 18 octets (IPv6).

Good catch. It seems that for a feasible attack, a future algorithm 
suite would need to have much shorter signatures (unlikely) or bgpsec 
would need to be extended to something with much longer NLRI prefixes 
(who's ready for IPv8?!) So this isn't going to bite us for a very long 
time, if ever. Should we (1) prevent that remote possibility by adding a 
single byte to both to-be-signed structures (which doesn't add any bytes 
on the wire), (2) make a note in the security considerations, or (3) 
just ignore this as too unlikely to care about? If we choose either 2 or 
3, won't it be very difficult to change our minds once bgpsec is 
deployed? How hard is it to do (1) now?

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/

v2.23.0 | Report a Bug | By Email