[sidr] Gen-ART review of draft-ietf-sidr-bgpsec-threats-07
"Black, David" <david.black@emc.com> Wed, 09 October 2013 16:30 UTC
Return-Path: <david.black@emc.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3C1F21F99F0; Wed, 9 Oct 2013 09:30:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6qSQ5CTFo2c1; Wed, 9 Oct 2013 09:30:40 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id E744421F880F; Wed, 9 Oct 2013 09:28:27 -0700 (PDT)
Received: from maildlpprd02.lss.emc.com (maildlpprd02.lss.emc.com [10.253.24.34]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r99GRsQn003031 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Oct 2013 12:27:55 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com r99GRsQn003031
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1381336075; bh=GKyJC2XbFKRMKdRcyRsXRTllMz8=; h=From:To:CC:Date:Subject:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=JNPjmDwK8flzFwELo6wTtVT2xPYUONpTNQO3teab5MSVZN+TrdOeoiL9QeVApPrNx 0Pgs4k1S0tEycCSmVYQTDnSrbVsjUoSZM0JJxnVcMFLKT47+d+3bnuelYaIhwmfUCn olRyNfJDjjAR9hCoo1Is988mz265/aT1CipCIKXc=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com r99GRsQn003031
Received: from mailusrhubprd02.lss.emc.com (mailusrhubprd02.lss.emc.com [10.253.24.20]) by maildlpprd02.lss.emc.com (RSA Interceptor); Wed, 9 Oct 2013 12:27:46 -0400
Received: from mxhub30.corp.emc.com (mxhub30.corp.emc.com [128.222.70.170]) by mailusrhubprd02.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r99GRjwl030080 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 9 Oct 2013 12:27:46 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub30.corp.emc.com ([128.222.70.170]) with mapi; Wed, 9 Oct 2013 12:27:46 -0400
From: "Black, David" <david.black@emc.com>
To: "kent@bbn.com" <kent@bbn.com>, "achi@cs.unc.edu" <achi@cs.unc.edu>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>
Date: Wed, 09 Oct 2013 12:27:44 -0400
Thread-Topic: Gen-ART review of draft-ietf-sidr-bgpsec-threats-07
Thread-Index: Ac7FDHoXTpnzCWzcRRiztQCbALnpTw==
Message-ID: <8D3D17ACE214DC429325B2B98F3AE712025DCE24E0@MX15A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd02.lss.emc.com
X-EMM-GWVC: 1
X-EMM-McAfeeVC: 1
X-RSA-Classifications: public
Cc: "sidr@ietf.org" <sidr@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: [sidr] Gen-ART review of draft-ietf-sidr-bgpsec-threats-07
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 16:30:45 -0000
After discussion with the authors, the -07 version of this draft resolves the two issues in the Gen-ART review of the -06 version. In summary: - Text has been added to explain the relationship of the PATHSEC and BGPsec terms. - Citations have been added to the RFCs that explain the RPKI RP caching requirements. Thanks, --David > -----Original Message----- > From: Black, David > Sent: Monday, September 23, 2013 8:25 PM > To: kent@bbn.com; achi@cs.unc.edu; General Area Review Team (gen-art@ietf.org) > Cc: Black, David; stbryant@cisco.com; ietf@ietf.org; sidr@ietf.org > Subject: Gen-ART review of draft-ietf-sidr-bgpsec-threats-06 > > I am the assigned Gen-ART reviewer for this draft. For background on > Gen-ART, please see the FAQ at > < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. > > Please wait for direction from your document shepherd > or AD before posting a new version of the draft. > > Document: draft-ietf-sidr-bgpsec-threats-06 > Reviewer: David L. Black > Review Date: September 23, 2012 > IETF LC End Date: September 23, 2012 > > Summary: This draft is on the right track, but has open issues > described in the review. > > This draft describes the threat model for BGP Path Security. The > draft generally reads well, but does contain quite a bit of serious > security analysis of an important routing protocol and hence requires > both security and routing expertise to fully understand. > > Major issue: > > This draft contains more than just a threat model. It also contains > a high level security analysis of the security architecture/approach > that applies the RPKI to secure use of BGP. That analysis appears to > be good, but it's somehow disconnected from the rest of the sidr WG's > work, by what I hope is simply a terminology problem: > - This draft refers to the security architecture/approach for > BGP as PATHSEC. > - Many of the other sidr WG draft refer to that security as > BGPsec > In effect, the PATHSEC security architecture/approach appears to be > implicit in this draft. > > Something's missing - if those two terms were meant to be the same, > BGPsec should probably be used in this draft, otherwise, the relationship > should be described. I've tagged this as a major issue, as it makes > text like the following in Section 4.2 rather unclear: > > Stale Path Announcement: If PATHSEC-secured announcements can > expire, such an announcement may be propagated with PATHSEC data > that is "expired". This behavior would violate the PATHSEC goals > and is considered a type of replay attack. > > What is "PATHSEC data"? What are "the PATHSEC goals"? The statement > in the abstract that " We use the term PATHSEC to refer to any BGP > path security technology that makes use of the RPKI" doesn't seem to > answer these questions. > > Minor Issue: > > Section 4.4 seems somewhat loose on caching by RPs, considering the > importance of that caching in countering a number of the attacks described > in that section - in multiple cases, RP detection of an attack relies > upon the RP noticing that something has changed at the publication point > wrt the RP's cached copy in a fashion that should not have happened. > > Statements such as "the RPKI calls for RPs to cache" and "RPs are > expected to make use of local caches" strike me as a weak foundation > for the level of security dependence on that caching. A pointer to a > SHOULD or MUST requirement for caching by RPKI RPs in another document > would alleviate this concern; surely that language exists somewhere. > > Nits/editorial comments: > > Also in Section 4.4: > > (The RP would be very unhappy if > there is no CRL for the CA instance anyway.) > > Please rewrite to describe how the RP reacts to failure to find a CRL > - the RP surely does something in addition to becoming "very unhappy" ;-). > Some of that may already be in the sentence immediately following the > "very unhappy" text. > > idnits 2.12.17 complains about a missing reference: > > == Missing Reference: 'TCPMD5' is mentioned on line 114, but not defined > > That citation is embedded in a quote from RFC 4272, nonetheless, [TCPMD5] > should be informatively referenced here - it was RFC 2385, which has been > obsoleted by RFC 5925, which is referenced here. The fact that RFC 2385 > is obsolete will generate a different idnits warning, which is ok to ignore. > > Thanks, > --David > ---------------------------------------------------- > David L. Black, Distinguished Engineer > EMC Corporation, 176 South St., Hopkinton, MA 01748 > +1 (508) 293-7953 FAX: +1 (508) 293-7786 > david.black@emc.com Mobile: +1 (978) 394-7754 > ---------------------------------------------------- >
- [sidr] Gen-ART review of draft-ietf-sidr-bgpsec-t… Black, David