Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
Rob Austein <sra@isc.org> Sun, 17 July 2011 23:40 UTC
Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0641C21F877F for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 16:40:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.614
X-Spam-Level:
X-Spam-Status: No, score=-100.614 tagged_above=-999 required=5 tests=[AWL=-0.662, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7qfMJC4ja282 for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 16:40:30 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) by ietfa.amsl.com (Postfix) with ESMTP id 6BC6621F8779 for <sidr@ietf.org>; Sun, 17 Jul 2011 16:40:30 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-66-30-16-106.hsd1.ma.comcast.net [66.30.16.106]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (verified OK)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 792F8B85A; Sun, 17 Jul 2011 23:40:29 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [127.0.0.1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id CA86F31DA93; Sun, 17 Jul 2011 19:40:28 -0400 (EDT)
Date: Sun, 17 Jul 2011 19:40:28 -0400
From: Rob Austein <sra@isc.org>
To: Geoff Huston <gih@apnic.net>
In-Reply-To: <F3747D13-2885-4DBE-8B86-DAE1C61D75CA@apnic.net>
References: <4E209AC9.5040808@cisco.com> <20110717145323.6460631BDB0@minas-ithil.hactrn.net> <F3747D13-2885-4DBE-8B86-DAE1C61D75CA@apnic.net>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20110717234028.CA86F31DA93@minas-ithil.hactrn.net>
Cc: draft-ietf-sidr-repos-struct@tools.ietf.org, sidr@ietf.org, sidr-chairs@tools.ietf.org
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jul 2011 23:40:31 -0000
At Mon, 18 Jul 2011 07:41:40 +1000, Geoff Huston wrote: > On 18/07/2011, at 12:53 AM, Rob Austein wrote: > > But wouldn't the CMS (and ASN.1 for that matter) effectively tell > the RP what the object was intended to be? As I said: "attempt to decode every object in various ways to see which (if any) worked". Not all objects are CMS. The outermost layers of ASN.1 on most of them are sequences of sequences of blah blah blah. Yes, if one peers at these things long enough it becomes obvious what they are, assuming no encoding errors, but it's not like there's a trivial tag in each one saying "this an X.509 certificate", "this is a CMS object", or "this is a CRL". > It strikes me that the file name extension is a bit of syntactic > sugar rather than an essential and necessary component, so I'm > curious to understand what has changed in this particular PKI that > makes the filename extension such a necessary attribute. Most PKIs aren't deep trees distributed over an arbitrarily large number of distinct servers and directories, in most cases one knows exactly what an object purports to be when one attempts to validate it, and in most cases one is not attempting to validate tens of thousands of objects at once. > If this is the case would a rogue CA be able to mount an effective > DOS attack for all RPs by deliberately mis-naming objects? No. The names are hints as to the intended decoding. If the encoding doesn't match the hint, the decode fails pretty quickly. The difference here is that the RP tries exactly one decode, and if that doesn't work, the object is toast. A MITM attack on rsync could of course whack the filenames, but it could also corrupt the objects themselves, with pretty much the same effect, so it's not a new threat.
- [sidr] draft-ietf-sidr-repos-struct to Standards … Stewart Bryant
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Andrew Chi
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- [sidr] draft-ietf-sidr-repos-struct - Track Stewart Bryant