IETF Logo Mail Archive

Re: [sidr] New Version: draft-ietf-sidr-bgpsec-protocol-12

Matthew Lepinski <mlepinski.ietf@gmail.com> Fri, 24 July 2015 05:31 UTC

Return-Path: <mlepinski.ietf@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 698021B2DDD for <sidr@ietfa.amsl.com>; Thu, 23 Jul 2015 22:31:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4jOGq-7bQ_5e for <sidr@ietfa.amsl.com>; Thu, 23 Jul 2015 22:31:15 -0700 (PDT)
Received: from mail-ob0-x22a.google.com (mail-ob0-x22a.google.com [IPv6:2607:f8b0:4003:c01::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41F741ACE2B for <sidr@ietf.org>; Thu, 23 Jul 2015 22:31:15 -0700 (PDT)
Received: by obdeg2 with SMTP id eg2so10328569obd.0 for <sidr@ietf.org>; Thu, 23 Jul 2015 22:31:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XQ3lvkQ83LTPJrEezRW3hHV6Q+n9c6ij/2054J3AocU=; b=TixDeY/w3/Vzc562w0gzCbVaefCvo0VC44ih9nvPVRUktdeDNgLuxaQ9S178tWFCbh eps7qV5QRWHuxBMFhDo1RiNbw9H0k2CYjRL3ak66iSo0nG0LNesiPiiJtFOH0/zYc6dS MFaGqSDeAvpa7knyMgRh8P9nBwUmlaiTNCybWMsWLvJJfmQ9SOyeyC7H5QCA13vXJR4M vZMzE5EiWGabvDi6VsOMFCIF76VJ6GL0tQPBx+oio0dwespQm+pHF5XzbGIP456e5Sbr c+OKBJ9SY5sr69t6MnDvqqU/3OB4+kMRjHXoVEFEt6lGoCxypE81fGnrKiBKCUpw5Hkw 269g==
MIME-Version: 1.0
X-Received: by 10.60.33.74 with SMTP id p10mr13691717oei.62.1437715874713; Thu, 23 Jul 2015 22:31:14 -0700 (PDT)
Received: by 10.202.201.86 with HTTP; Thu, 23 Jul 2015 22:31:14 -0700 (PDT)
In-Reply-To: <D1C58D87.5BEAC%wesley.george@twcable.com>
References: <CANTg3aBO=jb01DYcT3YPU305-nUpSmdSzF3GiG4ia1FP7r9H1w@mail.gmail.com> <D1C58D87.5BEAC%wesley.george@twcable.com>
Date: Fri, 24 Jul 2015 01:31:14 -0400
Message-ID: <CANTg3aBrL8-k2sYP3rmt5YwGQBae=GSvQXd1KFA+Ny9SReTzKA@mail.gmail.com>
From: Matthew Lepinski <mlepinski.ietf@gmail.com>
To: "George, Wes" <wesley.george@twcable.com>
Content-Type: multipart/alternative; boundary="089e0115eef8001921051b985088"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/gj33_yRM0zlzdS_FMNqELsvgdOE>
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] New Version: draft-ietf-sidr-bgpsec-protocol-12
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2015 05:31:18 -0000

Wes,

Sorry for the delay. I completely agree with you that the text in 7.1 could
be more clear. I appreciate your suggested change and I am happy to issue a
quick revision to clarify this issue.

With regards to the validation algorithm (Section 5.2), I am not convinced
there is a problem. The document currently states (at the beginning of 5.2
on page 26) that implements must have the same input/output behavior as the
validation algorithm in the document. That is, my interpretation of the
current text is that we don't want to mandate any particular algorithm (or
rule out any potential implementation-specific optimizations), but we want
every implementation to return "Valid" on the same inputs as any other
implementation. I believe this means that implementations are free to
"skip-out" after a failed signature verification or not as they see fit
[and still be compliant with the spec either way].

That being said, I agree with you that from the point of view of a
denial-of-service prevention, that we should be recommending that
implementations "Skip out" after a failed signature verification. When I
read the text in "Step III" on page 29 within Section 5.2, I interpret that
text as indicating that implementations should skip the remaining
signatures once they get a failed signature verification. If you interpret
that text differently, please let me know, but in my reading of the
document, I understand the 5.2 algorithm as saying implementations should
"skip out" when a signature is bad.

- Matt Lepinski

On Fri, Jul 10, 2015 at 3:08 PM, George, Wes <wesley.george@twcable.com>
wrote:

>  Matt -
>
>  I finally got a chance to review the updates you put in for –12 and 13.
> It has addressed most of the concerns I raised. Only thing I see missing is
> this comment from my previous review.
>
>  Section 5.2 - elsewhere in the document (7.3), you note that validation
> should stop when an invalid signature is found. However, I see no mention
> of that in the actual validation algorithm. That seems like good practice
> even if there isn't a long chain of signatures to validate.
> Additionally, 7.1's text "Thus, a BGPsec speaker MUST completely validate
> all BGPsec update messages received from external peers." seems to
> conflict with this recommendation because it says "completely". I think
> it's a wording problem, i.e. We're not saying you MUST validate the
> *entire* update, but rather you must validate ALL updates that you
> *receive* until you encounter an invalid signature within a given update,
> in which case you can stop and move to the next update.
>
>
>  Thanks,
>
>
>
> Wes
>
>
>
>   From: sidr <sidr-bounces@ietf.org> on behalf of Matthew Lepinski <
> mlepinski.ietf@gmail.com>
> Date: Monday, June 15, 2015 at 12:41 AM
> To: "sidr@ietf.org" <sidr@ietf.org>
> Subject: [sidr] New Version: draft-ietf-sidr-bgpsec-protocol-12
>
>  I have submitted a new version of the BGPsec protocol specification.
>
>  This version includes some minor fixes as well as all of the changes
> discussed at IETF 92. (Minutes can be found here --
> http://www.ietf.org/proceedings/92/minutes/minutes-92-sidr) I believe
> that all open issues with this document have been addressed.
>
>  The only normative changes in the -12 version are the following:
> -- BGPsec speakers MUST support the multi-protocol extension (RFC 4760)
> -- BGPsec now signs the entire MP_REACH_NLRI attribute. (Recall that there
> was an error previously where the AFI was not protected under the signature)
>
>  I believe that this document is now ready to ship to the IESG. If you
> disagree, please let me know what still needs to be addressed.
>
>  - Matt Lepinski
>
> ------------------------------
> This E-mail and any of its attachments may contain Time Warner Cable
> proprietary information, which is privileged, confidential, or subject to
> copyright belonging to Time Warner Cable. This E-mail is intended solely
> for the use of the individual or entity to which it is addressed. If you
> are not the intended recipient of this E-mail, you are hereby notified that
> any dissemination, distribution, copying, or action taken in relation to
> the contents of and attachments to this E-mail is strictly prohibited and
> may be unlawful. If you have received this E-mail in error, please notify
> the sender immediately and permanently delete the original and any copy of
> this E-mail and any printout.
>

v2.23.0 | Report a Bug | By Email