Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees

David Mandelberg <david@mandelberg.org> Wed, 09 September 2015 01:01 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3558A1A0007 for <sidr@ietfa.amsl.com>; Tue, 8 Sep 2015 18:01:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level:
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uHbuuzIWKIm for <sidr@ietfa.amsl.com>; Tue, 8 Sep 2015 18:01:25 -0700 (PDT)
Received: from nm18-vm1.access.bullet.mail.gq1.yahoo.com (nm18-vm1.access.bullet.mail.gq1.yahoo.com [216.39.63.16]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A1201B2D05 for <sidr@ietf.org>; Tue, 8 Sep 2015 18:01:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1441760484; bh=uyKgZZ2W1R7p+9CfuwlbpjcNw/b6CRUJMkhFxDDGKvo=; h=Date:From:To:Subject:In-Reply-To:References:From:Subject; b=LD6g8/0OYCTpYoE+pmRA65dDCOhF7EjsUg1Zatd6oM56LbVp0uzX2tKQFJHYOToaPt1oGxxFKYq8MmaV8BMtp6gW5JROTzenKho1LhT6SxWxZ2d3gOGe2Tx4YWRiS3D0umq1Q0hfgGZAxF85/i8YRTRrjiG5R1HGXrv3uTyx240FlCBVa8BNpe3cHXh5Wk/zixGTYIWLllrEUg6Tvajz3kE4mFDbyCgNwBI5O4RvuiS7fu+KZznXPlr52b/xhdGDDdBJjRp1QdQKWZbF0o3SaAtcycX5mhlmprZMQxC943w1nqvr9gOxLPUIa/7TVRB407utHsqR2ErqLvKOYsxxZQ==
Received: from [216.39.60.172] by nm18.access.bullet.mail.gq1.yahoo.com with NNFMP; 09 Sep 2015 01:01:24 -0000
Received: from [98.138.104.99] by tm8.access.bullet.mail.gq1.yahoo.com with NNFMP; 09 Sep 2015 01:01:24 -0000
Received: from [127.0.0.1] by smtp119.sbc.mail.ne1.yahoo.com with NNFMP; 09 Sep 2015 01:01:24 -0000
X-Yahoo-Newman-Id: 461376.38377.bm@smtp119.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: J0dzH2QVM1nU3v5.1KxSDVX2UIVZF5._.IBRcQVv_wP1DaT Vn.jJFS4DYYoSIDjgUOsxwx6EvEcWUwJwBZr8EC2rMTFtUboHV3Oz0x.xSGf LEwDwUzUl9wrEEKbCkvQMllAzAO2tGOw3ciF5vGcOapL4mM7I5Sf56Tnva.q FaY8Z1iO851QAM2jsuX_4xuXWd9KW.IPGzV_yaa4NXSuRj_mKyCc.c41FWN3 YPjdOcZ.o4nkJ14bLJg9X.dMxfwTTCDvzCWOy19W4ycP6EdSu8O1uO5waD6R og3s4c5P7tqP24SGOgHbO6pLIZooA1.UnIbWfXec_ZA_chVXCOPqbxFJo7Zs 1Wb574.dSH4cEJrxEKUJforyh5g62uAquFqxzmrcci2olL1Rdgu4mQBu9Tcr TFYldHdhL35daIS2FYhAtEB_Oa.s9Sq9.cYktZ7L0sF_oeSi1eiXlAZl57IM kmJ3NUJyYbMCqH5TofK4qxT4kmejxpuK.OPbnYK7Ao8CSlfw3UWd_SRohf_i vDaZT027jktAXO4iswcez6xvqdenzcvoS9o7_mQ--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from secure.mandelberg.org (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id CDA631C6095 for <sidr@ietf.org>; Tue, 8 Sep 2015 21:01:22 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Tue, 08 Sep 2015 21:01:22 -0400
From: David Mandelberg <david@mandelberg.org>
To: sidr@ietf.org
In-Reply-To: <D204DB7C.387BC%oliver.borchert@nist.gov>
References: <f12cf36b3ee80798852c3fa13485b50d@mail.mandelberg.org> <CY1PR09MB0793AAC5E6D10477A6351A96846F0@CY1PR09MB0793.namprd09.prod.outlook.com> <20150827175826.A35401AC51E2@minas-ithil.hactrn.net> <D204D873.387AB%oliver.borchert@nist.gov> <D204DB7C.387BC%oliver.borchert@nist.gov>
Message-ID: <a99f4dc3555c85ac70d2dae0a117fc91@mail.mandelberg.org>
X-Sender: david@mandelberg.org
User-Agent: Roundcube Webmail/0.7.2
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/b4G9KopWS9qWlBFXN3f1fp8FqKs>
Subject: Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 01:01:27 -0000

On 2015-08-27 15:23, Borchert, Oliver wrote:
> If I understand Davids attack vector correct than the attack would 
> look
> as follows:
>
> For the path -> A -> B -> C -> D -> E with A and D conspiring and B 
> and C
> only signing but not validating:
>
> A signs the path to D and not to B but sends it to B. Because B and C
> do not validate, just sign they forward the path to D.
> D removed B and C from the path and forwards the path as -> A -> D  
> to E.
> Now E verifies the path as valid and moves on.
>
> If this is what David had in mind then I agree that the security 
> guarantee
> in 7.1 does not hold up.

This is one type of attack that uses the issue I raised, but this 
specific attack doesn't seem problematic to me. A and D can always set 
up a BGPsec tunnel to accomplish the same result of removing B and C 
from the path, and there's not much we can do to stop that.

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/