Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11

"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Sat, 07 February 2015 23:29 UTC

From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: David Mandelberg <david@mandelberg.org>, "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
Date: Sat, 07 Feb 2015 23:28:38 +0000
Message-ID: <1423351717341.84961@nist.gov>
References: <4C184296-F426-40EF-9DB6-3AE87C42B516@tislabs.com>, <82de0e0b8d59df99675cf4eb22996d08@mail.mandelberg.org>
In-Reply-To: <82de0e0b8d59df99675cf4eb22996d08@mail.mandelberg.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/_JKkBYSJefaWa-0aO3NePDFsedY>
Subject: Re: [sidr] wglc for draft-ietf-sidr-bgpsec-protocol-11
List-Id: Secure Interdomain Routing <sidr.ietf.org>

>It might be possible for an attacker to take a valid signature of data from the structure in 4.2, 
>and present it as a valid signature of the same bytes interpreted with the structure in 4.1.

If you have worked out a concrete example showing how the attack works, 
it would be good to see that. For this type of attack to be feasible, is it required that the size 
of the signature field equals the combined size of {Alg. ID, NLRI length, NLRI prefix}?
If yes, observe that the size of the signature field (ECDSA-P256) = 64 octets + a few variable #octets,
and the combined size of {Alg. ID, NLRI length, NLRI prefix} is either 6 octets (IPv4) or 18 octets (IPv6).

Sriram
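A worked check of the length argument in the message above, added here as an example and not part of the thread or of the draft: the two trailing-field layouts are a simplified model assumed for illustration (not the draft's exact octet encoding, and ALG_SUITE_ID is a placeholder value), and the code parses a trailing field strictly under both interpretations and shows that their size ranges never overlap, covering every prefix length rather than only the full-length IPv4/IPv6 prefixes quoted in the message.

```python
import math
import struct

# Assumed model (not the draft's exact layout):
#   origin tail   = Alg Suite ID (1) | NLRI Length in bits (1) | prefix (ceil(bits/8) octets)
#   later-AS tail = Signature Length (2, big-endian) | DER ECDSA-P256 signature
ALG_SUITE_ID = 1          # placeholder, not a value taken from the draft
SIG_MIN, SIG_MAX = 64, 72  # "64 octets + a few": DER header around two 32-octet integers

def encode_origin_tail(prefix_bits: int, prefix: bytes) -> bytes:
    if len(prefix) != math.ceil(prefix_bits / 8):
        raise ValueError("prefix octets must match the prefix length")
    return bytes([ALG_SUITE_ID, prefix_bits]) + prefix

def encode_sig_tail(signature: bytes) -> bytes:
    return struct.pack("!H", len(signature)) + signature

def parse_origin_tail(tail: bytes):
    """Strict parse as {Alg ID, NLRI length, prefix}; None unless every octet is consumed."""
    if len(tail) < 2 or tail[1] > 128:
        return None
    alg, bits = tail[0], tail[1]
    if len(tail) != 2 + math.ceil(bits / 8):
        return None
    return alg, bits, tail[2:]

def parse_sig_tail(tail: bytes):
    """Strict parse as {Signature Length, Signature}; None unless a plausible DER sig fills it."""
    if len(tail) < 2:
        return None
    (length,) = struct.unpack("!H", tail[:2])
    sig = tail[2:]
    if len(sig) != length or not (SIG_MIN <= len(sig) <= SIG_MAX) or sig[0] != 0x30:
        return None
    return sig

def is_ambiguous(tail: bytes) -> bool:
    """True only if the same octets are valid under BOTH interpretations."""
    return parse_origin_tail(tail) is not None and parse_sig_tail(tail) is not None

def origin_tail_sizes() -> set:
    # all prefix lengths 0..128 bits, prefix encoded in the minimum number of octets
    return {2 + math.ceil(bits / 8) for bits in range(0, 129)}   # 2..18 octets

def sig_tail_sizes() -> set:
    return {2 + n for n in range(SIG_MIN, SIG_MAX + 1)}          # 66..74 octets
```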