IETF Logo Mail Archive

Re: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt

"Roque Gagliano (rogaglia)" <rogaglia@cisco.com> Wed, 24 October 2012 08:08 UTC

Return-Path: <rogaglia@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A59AD21F85B1 for <sidr@ietfa.amsl.com>; Wed, 24 Oct 2012 01:08:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J7tnLMsKu-6H for <sidr@ietfa.amsl.com>; Wed, 24 Oct 2012 01:08:40 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id A0ABE21F8592 for <sidr@ietf.org>; Wed, 24 Oct 2012 01:08:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5427; q=dns/txt; s=iport; t=1351066120; x=1352275720; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=DQkRQNnW8s993Sk0iYrefnu6cXSWFIkzVNga625cq4k=; b=Mu1ASa3liNJXXy46Q06WkPFt4LufTUXnjJ+DW8zarA+9gAQ/8T6tjUWv HSZVtiFnf4UUuL0dc0+S9chgDPpEHrVu1Nb7BW7OXNJ57GGNKyplU6lzq Hos1N1UStydd7SCmnTs1pTMl713DyYGhgI0bQQEDlf6Z7qL814+XueVJm E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av4EAL+gh1CtJV2Z/2dsb2JhbABEwXyBCIIeAQEBBBIBJzgFAhACAQgiFAULMhwJAgQODRqHYgubEKAAi2AVhXZgA5cKjTeBa4JvgVsBBxcGGA
X-IronPort-AV: E=Sophos;i="4.80,639,1344211200"; d="scan'208";a="134786165"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP; 24 Oct 2012 08:08:35 +0000
Received: from xhc-aln-x07.cisco.com (xhc-aln-x07.cisco.com [173.36.12.81]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q9O88ZoL024253 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 24 Oct 2012 08:08:35 GMT
Received: from xmb-rcd-x01.cisco.com ([169.254.1.176]) by xhc-aln-x07.cisco.com ([173.36.12.81]) with mapi id 14.02.0318.001; Wed, 24 Oct 2012 03:08:35 -0500
From: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Thread-Topic: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
Thread-Index: AQHNrTENYVfUFBdyXUOH4ZzYAxQB0Q==
Date: Wed, 24 Oct 2012 08:08:34 +0000
Message-ID: <EF4348D391D0334996EE9681630C83F0206CDD4F@xmb-rcd-x01.cisco.com>
References: <D7A0423E5E193F40BE6E94126930C4930BA86CE472@MBCLUSTER.xchange.nist.gov> <EF4348D391D0334996EE9681630C83F0206BEF8F@xmb-rcd-x01.cisco.com> <EF4348D391D0334996EE9681630C83F0206C8BCE@xmb-rcd-x01.cisco.com> <D7A0423E5E193F40BE6E94126930C4930BA93472E0@MBCLUSTER.xchange.nist.gov> <EF4348D391D0334996EE9681630C83F0206C9D12@xmb-rcd-x01.cisco.com> <D7A0423E5E193F40BE6E94126930C4930BAA4671D2@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930BAA4671D2@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.147.19.21]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19302.000
x-tm-as-result: No--42.873700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-ID: <BC850FE96EBE4846A7CE43FC488B6267@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 08:08:41 -0000

Hi Sriram,

Thanks for your email.

The problem I have with the way you described EKR is that it suppose that there is some sort of "coordination" between ASes in a way that an origin AS has to "trust" that whenever there is a topology change in a path, there will be a rollover by the ASes involved in those changes.

This sort of cooperation assumptions is a non-started IMHO.

All in all, I think we agreed on the path forward.

Roque

On Oct 23, 2012, at 11:24 PM, Sriram, Kotikalapudi wrote:

>> (Roque) As expressed in our document, there are many reasons to do key rollover
>> for BGPSEC certificates, just like in any PKI. Using your taxonomy, can we consider
>> EKR as emergency rollovers due to a key been compromised, changes on the
>> certificate information or local policies?
> 
> [Sriram] I think your description EKR above is different from how we described it 
> in section 5.2 of our document:
> http://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-00#section-5.2  
> EKR is *Event-driven Key Rollover*, and an "event" here is described as
> peering relationship discontinuation, policy change (e.g., change in how
> prepending was done for TE purpose, compromised key, etc.). 
> But there is more to clarify about EKR. Please see below.
> 
>> ( Roque) In my mind, the only thing that we we need to care about is if we follow the
>> periodic scheduled periodic rollover process or an emergency rollover. In general
>> the difference between the two is that in the emergency case there may not be
>> the time to wait for the RPKI process to propagate the information.
> 
> [Sriram] In EKR, there is preparedness for reaction to an "event" so that the affected router 
> can limit the window of exposure to replay attack. 
> In our description of EKR, it is NOT used in combination with PKR. 
> In the EKR, there are always 'Current' and 'Next' transit keys provisioned 
> (in addition to 'Current' and 'Next' origin keys); but this process is not periodic.
> All these keys have long NotValidAfter time in the EKR method. 
> Since 'Next' transit key is propagated in advance, there is no need to wait 
> for the RPKI process to propagate that information after an event has happened.
> So in EKR, when an event occurs, the router can immediately start
> signing with the 'Next' key and the receiving routers already have
> the corresponding pub key so they can validate the new updates. 
> The router which experienced an event and hence rolled the transit key
> will propagate a new 'Next' transit key to be prepared for any future event as well. 
> Subsequently, it will also issue a CRL for the previous cert. 
> So EKR is a complete method in itself and can be an alternative to PKR. 
> The trade-off is that EKR produces a churn only when events happen which are presumably rare,  
> but PKR produces update churn and RPKI churn in the background 
> plus it also produces update churn when events happen but less than that for EKR.
> (Side note: It is true that even in PKR, rollover of transit keys happens for maintenance 
> purpose once in long time (years); but we are focused here on the replay protection issue.)      
>> 
> -- snip --
>> 
>> (Roque) Ok, so you are focussing on the "transit" certificate rollover. This means
>> that this is a different discussion and has nothing to do with the re-play attack as
>> the technique we are pushing forward to control the windows of exposure are
>> periodic rollovers of "origin" certificates keys. Is the goal then to compare the
>> router's behavior when dealing with periodic vs emergency rollovers?
>> 
> [Sriram] No. We were comparing the amount of update churn that is created when 
> *an event happens* (as described above) in PKR vs. EKR. 
> I hope this should be clear now that I did described "event" and EKR above. 
> What we have shown is that for the same event happening, EKR generally has 
> higher (or much higher in many cases) update churn than PKR 
> for the same event happening. (OTOH, PKR has the downside of producing 
> some update/RPKI churn all the time in the background.) 
> 
> -- snip --
> 
>>> what we consider in slides 6-8 is that when the event occurs, in the PKR method
>> no cert is rolled (by design).
>> 
>> (Roque) I do not understand your comment " in the PKR method no cert is rolled
>> (by design)". The transit certificate, as any PKI certificate, will need to be rollover
>> due to two possible reasons: periodically (it has a long validity period but one day
>> it will expire) and emergency (particularly key compromised). Now, in each of
>> these cases, you need to perform a rollover process and you want to "do before
>> break" (sometimes in emergency process you do not have this option and you
>> break).
>> 
> [Sriram] I agree with your observation. But as I said we are focused here on replay protection
> and events that are of the nature of peering relation discontinuation, policy change, etc.
> Note that I did say "when the event occurs, in the PKR method no cert is rolled (by design)."
> You have also stated that the transit cert in not rolled in PKR when these "events" happen.
> 
> Sriram
>

v2.23.0 | Report a Bug | By Email