Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
David Mandelberg <david@mandelberg.org> Mon, 09 February 2015 20:17 UTC
Return-Path: <david@mandelberg.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4A971A88A4 for <sidr@ietfa.amsl.com>; Mon, 9 Feb 2015 12:17:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2LJsB7gpT86b for <sidr@ietfa.amsl.com>; Mon, 9 Feb 2015 12:16:56 -0800 (PST)
Received: from nm16-vm8.access.bullet.mail.gq1.yahoo.com (nm16-vm8.access.bullet.mail.gq1.yahoo.com [216.39.63.224]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FD2F1A8864 for <sidr@ietf.org>; Mon, 9 Feb 2015 12:16:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1423513016; bh=lnCUDOKmsHAZ+S3tJYZ/TzfUdwFQ+SCSIWXLmJv9uak=; h=Date:From:To:Subject:In-Reply-To:References:From:Subject; b=kZFgXmtFoYjEminZeM1r48lQm2N3LJ3WVuyqKdP1Tp0X+41E/JwKwD8G2HY78ta8M9/HPjrc6dJ4HU8ZE5LxdwFXZJIj1Y+VQa0yPz+QjVNKrexsAretaibJ4GW/UMuX1QEq/8ljYJZYdSWzwgOZETud9iPioRMF4wYKGf1v2emky2llCbdsDIx4rh4drCitVvXkL++12hy6FlIim7KeT6XO22R4YMReZ2T95yl+wbngBvR0EjKmBlT0b1OgCWosmQ3soITKVpd4YNEZcz6G93/TZXentZZweVnodPu0qqPPCROz+qLyN3j1Vrb8D5krrOoVjZ/7CpAHwiCWzhgw7A==
Received: from [216.39.60.171] by nm16.access.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2015 20:16:56 -0000
Received: from [98.138.226.241] by tm7.access.bullet.mail.gq1.yahoo.com with NNFMP; 09 Feb 2015 20:16:56 -0000
Received: from [127.0.0.1] by smtp112.sbc.mail.ne1.yahoo.com with NNFMP; 09 Feb 2015 20:16:56 -0000
X-Yahoo-Newman-Id: 129169.43184.bm@smtp112.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 9YHrl6QVM1nm2nJ1f4ycQAL91aZp.Wg961o0UT3S.wQRpWk .Bru2Ug8REhu5i_aZc7wE7HwH086HE_ETpPAwTzLokbdilvCOOrcNqsmK_N1 dqZW_jSJDJU.7nMJkjIJqpWe4Xwnz4jAhj1JBTkqnqQzdC2Oj3EWlDzPHeCi 24WrBjqFHrNwUm.pHmBp9OUlV2ZJb6nAMgvl6o.u3fl6ebY3wGahtXsQc2kU 76BYKN8IAEB0H31hl7hkeHSzRRRxEabH_4TI_V_q3EEA_q9.SpI1YCSCXb1z Bmy4JS72wpZsffc_fT67GjgVus0P60ALhViCO.9KRXq.zzl3s_yoHAanAofC BexMTcCBA4ZdY3lpgegVgZGUleGRcZpXLk2.p8Q_TrFFJoKt5x.2eUGrjhfL sbB01KdBFsvExtvsjityCUHBX0JBrfriwogjXUCm_03INOfqmpDqeMQjaf0u Ch62D7Bi8apU78q29wWiu9YxTGNhCv9odcZAX8ForstOiSwvHO56Dp0bQeoq mZ5VoqkNRwSpJNlmhG0frg5vUu2SuPTDu6iz3mcICqvlGMPv1R_dSsFjyJOU EaQJie0SbGiaN7S6Y7zcIBpW6xI0kCcYwtfy8BeiCYLXrGSJ3bA--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from secure.mandelberg.org (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id CAA411C6029 for <sidr@ietf.org>; Mon, 9 Feb 2015 15:16:54 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Mon, 09 Feb 2015 15:16:54 -0500
From: David Mandelberg <david@mandelberg.org>
To: sidr@ietf.org
In-Reply-To: <1423351717341.84961@nist.gov>
References: <4C184296-F426-40EF-9DB6-3AE87C42B516@tislabs.com>, <82de0e0b8d59df99675cf4eb22996d08@mail.mandelberg.org> <1423351717341.84961@nist.gov>
Message-ID: <372b33e64a0cb7c5f516dd88a09b9e8a@mail.mandelberg.org>
X-Sender: david@mandelberg.org
User-Agent: Roundcube Webmail/0.7.2
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/ZH8OQhDBZYRP99k_MYjXJ12CWzw>
Subject: Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Feb 2015 20:17:03 -0000
On 2015-02-07 18:28, Sriram, Kotikalapudi wrote: >>It might be possible for an attacker to take a valid signature of >> data from the structure in 4.2, >>and present it as a valid signature of the same bytes interpreted >> with the structure in 4.1. > > If you have worked out a concrete example showing how the attack > works, > it would be good to see that. For this type of attack to be feasible, > is it required that the size > of the signature field equals the combined size of {Alg. ID, NLRI > length, NLRI prefix}? Yes, that's correct. > If yes, observe that the size of the signature field (ECDSA-P256) = > 64 octets + a few variable #octets, > and the combined size of {Alg. ID, NLRI length, NLRI prefix} is > either 6 octets (IPv4) or 18 octets (IPv6). Good catch. It seems that for a feasible attack, a future algorithm suite would need to have much shorter signatures (unlikely) or bgpsec would need to be extended to something with much longer NLRI prefixes (who's ready for IPv8?!) So this isn't going to bite us for a very long time, if ever. Should we (1) prevent that remote possibility by adding a single byte to both to-be-signed structures (which doesn't add any bytes on the wire), (2) make a note in the security considerations, or (3) just ignore this as too unlikely to care about? If we choose either 2 or 3, won't it be very difficult to change our minds once bgpsec is deployed? How hard is it to do (1) now? -- David Eric Mandelberg / dseomn http://david.mandelberg.org/
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11 Sandra Murphy
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… George, Wes
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- [sidr] David M's point about the bgpsec protocol … Sandra Murphy
- Re: [sidr] David M's point about the bgpsec proto… Randy Bush
- Re: [sidr] David M's point about the bgpsec proto… Randy Bush
- Re: [sidr] David M's point about the bgpsec proto… Sandra Murphy
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Keyur Patel (keyupate)
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Montgomery, Douglas
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Randy Bush
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… David Mandelberg
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Matthew Lepinski
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Michael Baer
- Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protoc… Sriram, Kotikalapudi
- [sidr] Levels of BGPsec/RPKI validation, was: Re:… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Roque Gagliano (rogaglia)
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… David Mandelberg
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sandra Murphy
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Roque Gagliano (rogaglia)
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Geoff Huston
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Jared Mauch
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Iljitsch van Beijnum
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Randy Bush
- Re: [sidr] [Idr] Levels of BGPsec/RPKI validation… Tim Bruijnzeels
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Matthew Lepinski
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Matthew Lepinski
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Sriram, Kotikalapudi
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Stephen Kent
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Iljitsch van Beijnum
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Stephen Kent
- Re: [sidr] Levels of BGPsec/RPKI validation, was:… Sriram, Kotikalapudi