Re: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
"Roque Gagliano (rogaglia)" <rogaglia@cisco.com> Wed, 24 October 2012 08:08 UTC
Return-Path: <rogaglia@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A59AD21F85B1 for <sidr@ietfa.amsl.com>; Wed, 24 Oct 2012 01:08:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J7tnLMsKu-6H for <sidr@ietfa.amsl.com>; Wed, 24 Oct 2012 01:08:40 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id A0ABE21F8592 for <sidr@ietf.org>; Wed, 24 Oct 2012 01:08:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5427; q=dns/txt; s=iport; t=1351066120; x=1352275720; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=DQkRQNnW8s993Sk0iYrefnu6cXSWFIkzVNga625cq4k=; b=Mu1ASa3liNJXXy46Q06WkPFt4LufTUXnjJ+DW8zarA+9gAQ/8T6tjUWv HSZVtiFnf4UUuL0dc0+S9chgDPpEHrVu1Nb7BW7OXNJ57GGNKyplU6lzq Hos1N1UStydd7SCmnTs1pTMl713DyYGhgI0bQQEDlf6Z7qL814+XueVJm E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av4EAL+gh1CtJV2Z/2dsb2JhbABEwXyBCIIeAQEBBBIBJzgFAhACAQgiFAULMhwJAgQODRqHYgubEKAAi2AVhXZgA5cKjTeBa4JvgVsBBxcGGA
X-IronPort-AV: E=Sophos;i="4.80,639,1344211200"; d="scan'208";a="134786165"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP; 24 Oct 2012 08:08:35 +0000
Received: from xhc-aln-x07.cisco.com (xhc-aln-x07.cisco.com [173.36.12.81]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q9O88ZoL024253 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 24 Oct 2012 08:08:35 GMT
Received: from xmb-rcd-x01.cisco.com ([169.254.1.176]) by xhc-aln-x07.cisco.com ([173.36.12.81]) with mapi id 14.02.0318.001; Wed, 24 Oct 2012 03:08:35 -0500
From: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Thread-Topic: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
Thread-Index: AQHNrTENYVfUFBdyXUOH4ZzYAxQB0Q==
Date: Wed, 24 Oct 2012 08:08:34 +0000
Message-ID: <EF4348D391D0334996EE9681630C83F0206CDD4F@xmb-rcd-x01.cisco.com>
References: <D7A0423E5E193F40BE6E94126930C4930BA86CE472@MBCLUSTER.xchange.nist.gov> <EF4348D391D0334996EE9681630C83F0206BEF8F@xmb-rcd-x01.cisco.com> <EF4348D391D0334996EE9681630C83F0206C8BCE@xmb-rcd-x01.cisco.com> <D7A0423E5E193F40BE6E94126930C4930BA93472E0@MBCLUSTER.xchange.nist.gov> <EF4348D391D0334996EE9681630C83F0206C9D12@xmb-rcd-x01.cisco.com> <D7A0423E5E193F40BE6E94126930C4930BAA4671D2@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930BAA4671D2@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.147.19.21]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19302.000
x-tm-as-result: No--42.873700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-ID: <BC850FE96EBE4846A7CE43FC488B6267@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 08:08:41 -0000
Hi Sriram, Thanks for your email. The problem I have with the way you described EKR is that it suppose that there is some sort of "coordination" between ASes in a way that an origin AS has to "trust" that whenever there is a topology change in a path, there will be a rollover by the ASes involved in those changes. This sort of cooperation assumptions is a non-started IMHO. All in all, I think we agreed on the path forward. Roque On Oct 23, 2012, at 11:24 PM, Sriram, Kotikalapudi wrote: >> (Roque) As expressed in our document, there are many reasons to do key rollover >> for BGPSEC certificates, just like in any PKI. Using your taxonomy, can we consider >> EKR as emergency rollovers due to a key been compromised, changes on the >> certificate information or local policies? > > [Sriram] I think your description EKR above is different from how we described it > in section 5.2 of our document: > http://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-00#section-5.2 > EKR is *Event-driven Key Rollover*, and an "event" here is described as > peering relationship discontinuation, policy change (e.g., change in how > prepending was done for TE purpose, compromised key, etc.). > But there is more to clarify about EKR. Please see below. > >> ( Roque) In my mind, the only thing that we we need to care about is if we follow the >> periodic scheduled periodic rollover process or an emergency rollover. In general >> the difference between the two is that in the emergency case there may not be >> the time to wait for the RPKI process to propagate the information. > > [Sriram] In EKR, there is preparedness for reaction to an "event" so that the affected router > can limit the window of exposure to replay attack. > In our description of EKR, it is NOT used in combination with PKR. > In the EKR, there are always 'Current' and 'Next' transit keys provisioned > (in addition to 'Current' and 'Next' origin keys); but this process is not periodic. > All these keys have long NotValidAfter time in the EKR method. > Since 'Next' transit key is propagated in advance, there is no need to wait > for the RPKI process to propagate that information after an event has happened. > So in EKR, when an event occurs, the router can immediately start > signing with the 'Next' key and the receiving routers already have > the corresponding pub key so they can validate the new updates. > The router which experienced an event and hence rolled the transit key > will propagate a new 'Next' transit key to be prepared for any future event as well. > Subsequently, it will also issue a CRL for the previous cert. > So EKR is a complete method in itself and can be an alternative to PKR. > The trade-off is that EKR produces a churn only when events happen which are presumably rare, > but PKR produces update churn and RPKI churn in the background > plus it also produces update churn when events happen but less than that for EKR. > (Side note: It is true that even in PKR, rollover of transit keys happens for maintenance > purpose once in long time (years); but we are focused here on the replay protection issue.) >> > -- snip -- >> >> (Roque) Ok, so you are focussing on the "transit" certificate rollover. This means >> that this is a different discussion and has nothing to do with the re-play attack as >> the technique we are pushing forward to control the windows of exposure are >> periodic rollovers of "origin" certificates keys. Is the goal then to compare the >> router's behavior when dealing with periodic vs emergency rollovers? >> > [Sriram] No. We were comparing the amount of update churn that is created when > *an event happens* (as described above) in PKR vs. EKR. > I hope this should be clear now that I did described "event" and EKR above. > What we have shown is that for the same event happening, EKR generally has > higher (or much higher in many cases) update churn than PKR > for the same event happening. (OTOH, PKR has the downside of producing > some update/RPKI churn all the time in the background.) > > -- snip -- > >>> what we consider in slides 6-8 is that when the event occurs, in the PKR method >> no cert is rolled (by design). >> >> (Roque) I do not understand your comment " in the PKR method no cert is rolled >> (by design)". The transit certificate, as any PKI certificate, will need to be rollover >> due to two possible reasons: periodically (it has a long validity period but one day >> it will expire) and emergency (particularly key compromised). Now, in each of >> these cases, you need to perform a rollover process and you want to "do before >> break" (sometimes in emergency process you do not have this option and you >> break). >> > [Sriram] I agree with your observation. But as I said we are focused here on replay protection > and events that are of the nature of peering relation discontinuation, policy change, etc. > Note that I did say "when the event occurs, in the PKR method no cert is rolled (by design)." > You have also stated that the transit cert in not rolled in PKR when these "events" happen. > > Sriram >
- [sidr] FW: New Version Notification for draft-sri… Sriram, Kotikalapudi
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Sriram, Kotikalapudi
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Sriram, Kotikalapudi
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Sriram, Kotikalapudi