IETF Logo Mail Archive

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Christopher Morrow <morrowc.lists@gmail.com> Sat, 04 June 2011 02:26 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D70EAE06EC for <sidr@ietfa.amsl.com>; Fri, 3 Jun 2011 19:26:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K7YYIWlM0fcr for <sidr@ietfa.amsl.com>; Fri, 3 Jun 2011 19:26:36 -0700 (PDT)
Received: from mail-px0-f182.google.com (mail-px0-f182.google.com [209.85.212.182]) by ietfa.amsl.com (Postfix) with ESMTP id BB2A0E0752 for <sidr@ietf.org>; Fri, 3 Jun 2011 19:26:36 -0700 (PDT)
Received: by pxi20 with SMTP id 20so1801956pxi.27 for <sidr@ietf.org>; Fri, 03 Jun 2011 19:26:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=jbyTYRTB4LwbN4k009aazvve60cJnRPz6fEk8ro/y+k=; b=XR4XHUwAV6mtinuLIavYInjUhFbyUdpWnc2CTRw5GXApxL+xO06k5huSSYQBFVYx/m oGA9J9soXJeGoIK4+Kr9jYCjVqPC3GDLGZdKGClS+4+jgX1f0sRn34DlATZ7Gs9McDec kFbDUMsJt26GMBh4fAfpsE/sHvITOVOKy+vlM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=PrKXjNteN3fNEHKtXVBUKp8CyIuxHSLjCor4lBZhh+VmiJotib4O0OcBX997SJpi00 cD7pNHdayLXfP+jcvjtItqk++CX8F75OiPj+utV59py9xrO5nwmcW0Jp5zIURzB+EB6a oRTJqmzqb6BOq6a9GU9utIv0YUh1Bwmkz8CQ0=
MIME-Version: 1.0
Received: by 10.68.35.72 with SMTP id f8mr1106899pbj.83.1307154395408; Fri, 03 Jun 2011 19:26:35 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.68.44.106 with HTTP; Fri, 3 Jun 2011 19:26:35 -0700 (PDT)
In-Reply-To: <D1D8138DDF34B34B8BC68A11262D10790F6233E0E3@EUSAACMS0701.eamcs.ericsson.se>
References: <4DAF44AC.8060408@isi.edu> <E3076C4C-F27C-40A8-A033-2EBB8C39A3D2@cisco.com> <4DAF796C.7010807@isi.edu> <BANLkTi=Oc-fEKOYCRQqM97wPxSSXjrdTRw@mail.gmail.com> <409BDC5C-FE86-444A-BC0D-6DA00E7BF0F3@isi.edu> <BANLkTikLi2p7UipJ!TRSQqVOL6GkLn=j9iA@mail.gmail.com> <F0FABE61-FC1D-45ED-A21D-ED7A1228A997@isi.edu> <01eb01cc0325$6e4fd260$4001a8c0@gateway.2wire.net> <4DB592B3.3090805@isi.edu> <033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net> <4DB9A456.3060709@isi.edu> <BANLkTikg18FV5H0bOdOfWMzpTcm_B__EVQ@mail.gmail.com> <017b01cc13ff$0cb6da40$4001a8c0@gateway.2wire.net> <BANLkTink82qvhge6rRhqt5+h-2mEkKBMhA@mail.gmail.com> <m21uzwr3tw.wl%randy@psg.com> <BANLkTimPnMfE1ii=6uwAckoFY0yUU=w43g@mail.gmail.com> <BANLkTinu8pxxCj4cdJzbS3z5h=8=s+U3Gw@mail.gmail.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E006@EUSAACMS0701.eamcs.ericsson.se> <Pine.WNT.4.64.1106031624560.2148@SMURPHY-LT.columbia.ads.sparta.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E04A@EUSAACMS0701.eamcs.ericsson.se> <BANLkTi=OcqYbBReP+F+6e+mdqySEWPkq4Q@mail.gmail.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E0E3@EUSAACMS0701.eamcs.ericsson.se>
Date: Fri, 03 Jun 2011 22:26:35 -0400
X-Google-Sender-Auth: S4NTtbQHB1EWoGvhKbj4B7ZzIx4
Message-ID: <BANLkTikqeHdq15P7yC1A6owtrKGBWQsKkQ@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Uma Chunduri <uma.chunduri@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "sidr@ietf.org" <sidr@ietf.org>, Sandra Murphy <Sandra.Murphy@sparta.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jun 2011 02:26:38 -0000

On Fri, Jun 3, 2011 at 10:15 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>
>
> -----Original Message-----
> From: christopher.morrow@gmail.com [mailto:christopher.morrow@gmail.com] On Behalf Of Christopher Morrow
> Sent: Friday, June 03, 2011 6:11 PM
> To: Uma Chunduri
> Cc: Sandra Murphy; stephen.farrell@cs.tcd.ie; sidr@ietf.org
> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>
> On Fri, Jun 3, 2011 at 5:28 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>>
>>
>> -----Original Message-----
>> From: Sandra Murphy [mailto:Sandra.Murphy@sparta.com]
>> Sent: Friday, June 03, 2011 1:43 PM
>> To: Uma Chunduri
>> Cc: sidr@ietf.org; Sean Turner; stephen.farrell@cs.tcd.ie
>> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>>
>>
>> On Fri, 3 Jun 2011, Uma Chunduri wrote:
>>
>>>
>>>
>> ....
>>
>>>
>>> True, privacy through SSH is overkill but strong AUTH is *critical*, I feel:
>>>   - TCP-MD5 should not be considered (as it is any ways deprecated
>>> and it's MD5)
>>>   - TCP-AO has only slight advantage as it has less overhead than
>>> ipsec-AH even when
>>>     deployed with manual keys
>>>   - but it's better if it is "MUST support authentication of nodes
>>> with TCP-AO or ipsec-AH" because
>>
>> Just to be sure:
>>
>> Did you understand the part about implementations of TCP-AO and ipsec-AH not being available at present?
>>
>> I.e., you recognize this forces a delay in implementation of the protocol (and accept the consequent impact on deployment of the RPKI)?
>>
>> [Uma] Yes, I did. Even though operators don't like  ipsec-AH today, it
>> is still deployed for OSPFv3 protection as that (of course now there are other drafts to mitigate complexity with reasonable trade-off).
>>
>
> So, speaking as just another guy on the bus here... it's not about 'dont like it' it's about "THE CODE ON THE ROUTER DOES NOT DO IPSEC"
>
> Keep in mind that a router is not a generic CPU + intel ethernet PCI card, and often the OS on it is optomized for a particular duty, in large iron routers it's NOT ipsec.
>
>> Problem with MD5 is, it can present the *weakest* link for the whole RPKI infa.
>> At least new infrastructure like RPKI should avoid deprecated  stuff.
>
> exactly how is MD5 the weakest link here? some particular words about the threat model + ability to subvert a running session which ships a few megabytes/minute around would be in order here.
>
> [Uma]
>
> 1. Wang, X., H. Yu, "How to break MD5 and other hash
>             functions", Proc. IACR Eurocrypt 2005, Denmark

depends on creating 2 items to hash I believe?  shows that if you do
the right thing for 2 very large items you create you can get a
collision in some instances. not picking random bits off the wire, not
relevant, move on.

> 2. RFC 4270

talks about the above, not relevant.

>
> 3. long back even OSPF, ISIS etc.. moved away from MD5

fear, uncertainty, doubt.

we aren't talking about a permanent use of md5, we're talking about:
Use something that provides authentication/assurance NOW so we can
move forward, knowing full well we'll change to the better/required
solution when it's available in the right places.

There's not a single AO implementation available today... it's DOA
until there is. (frankly it's kind of a failure that there aren't
widely deployed implementations of this... given all the time to
invent it and all)

> 4. ...
>
> For that matter SHA1 is getting deprecated http://securitymusings.com/article/1587/algorithm-and-key-length-deprecation
>

again, not relevant.

please find something relevant that's not just fear mongering. Or,
alternately, find implementations of AO in the servers and routers
that matter. (if there are AO implementations w00t! we all win, until
then we spin)

-chris
<regular guy socks==on>

>
> Getting public keys from a server with a  deprecated auth mechanism to verify RSA signature?
> it's obscure..and not sure why it's not considered weak.
> Well, one can still use and design systems around this if this is still seen adequate.
>
> -Uma
>
>
>
>
> -chris
> <just a guy>
>
>> -Uma
>>
>>
>> --Sandy, speaking as wg co-chair
>>
>>
>>>     as both support
>>>           - strong auth algos
>>>           - algo agility
>>>           - can be deployed with manual and auto key management
>>>            (auto key probably required eventually, once with lot of
>>> connections at
>>>             cache/global RPKI/server side and for automatic key
>>>             changes periodically)
>>>           - key changes for existing sessions
>>>
>>>    One would get flexibility with this.
>>>    Also Section 7 (page 16)
>>>    "It is assumed that the router and cache have exchanged keys out of band by some reasonably secured means"
>>>    This will be still applicable but only if TCP-AO/ipsce-AH are deployed with manual keys.
>>>
>>> 2 cents,
>>> -Uma
>>>
>>>
>>> _______________________________________________
>>> sidr mailing list
>>> sidr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sidr
>>>
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
>>
>

v2.23.0 | Report a Bug | By Email