IETF Logo Mail Archive

Re: [sidr] Stephen Farrell's Discuss on draft-ietf-sidr-bgpsec-protocol-21: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 04 January 2017 21:45 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEEA31296F7; Wed, 4 Jan 2017 13:45:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.401
X-Spam-Level:
X-Spam-Status: No, score=-7.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qs8mbNz-nsml; Wed, 4 Jan 2017 13:45:24 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A29BF12941E; Wed, 4 Jan 2017 13:45:23 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 39C9CBE39; Wed, 4 Jan 2017 21:45:21 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id otHnNzDmSizR; Wed, 4 Jan 2017 21:45:19 +0000 (GMT)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9B597BE38; Wed, 4 Jan 2017 21:45:18 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1483566319; bh=XbQ4IQ/DDwq4xIA9i+B87NvqgLR7vHnhZ+Hdey0N+BM=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=kvYb6FtLgohMhqKO63t+l3GdHldnNUcK7OVY6b2IQW9N/qbjwQ61lpZB61mwe6yTu vgOAAjQAGqK5qhFX2RIar7JD2I6H+b9i9J5wS1dt/10hkefi1civ0BU0QlJw06odAB eiorzY5uezrCC4klJACuJKoTL7RzEy95LL3Zo8+Q=
To: "Montgomery, Douglas (Fed)" <dougm@nist.gov>, Russ Housley <housley@vigilsec.com>
References: <148353798879.13011.5291414579598073386.idtracker@ietfa.amsl.com> <B659D894-672F-4059-A001-5C4D1D602470@vigilsec.com> <3ae7d707-3229-2508-7aeb-2cd617aa97fd@cs.tcd.ie> <D492BBD6.6F422%dougm@nist.gov> <f306df7c-06a0-0662-93f4-5cb984a8eb0e@cs.tcd.ie> <D492D3B6.6F4BE%dougm@nist.gov>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <f1c2f28f-c889-ee6d-e670-e8f977492946@cs.tcd.ie>
Date: Wed, 04 Jan 2017 21:45:18 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <D492D3B6.6F4BE%dougm@nist.gov>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms080702040900010903040100"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/oI_25NC84j1RUM35Bm4sI5r0F-I>
Cc: IESG <iesg@ietf.org>, IETF SIDR <sidr@ietf.org>
Subject: Re: [sidr] Stephen Farrell's Discuss on draft-ietf-sidr-bgpsec-protocol-21: (with DISCUSS and COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2017 21:45:27 -0000

Hiya,

On 04/01/17 21:39, Montgomery, Douglas (Fed) wrote:
> The RPKI validating caches *are* the relaying parties for BGPsec, they are
> (a) designed to be run on a separate box than the router itself and (b)
> their behavior WRT exchanges with RPKI repositories is independent of BGP
> message processing by any of the routers that they serve.

Sure. That makes sense. But where's it stated for BGPsec that
the RP ought act that way?

Cheers,
S.

> 
> Maybe the first few sections of https://tools.ietf.org/html/rfc6810 would
> make that point better than my mumblings.
> 
> e.g., For various research / measurement reasons we run 3 different
> validating caches that don’t serve a single BGP router.   Their exchanges
> with the repositories are no different than if they served a DFZ BGP
> router.
> 
> Dougm
> 
> 
> 
> — 
> Doug Montgomery, Mgr Internet & Scalable Systems Research at  NIST/ITL/ANTD
> 
> 
> 
> 
> 
> On 1/4/17, 3:48 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
> 
>>
>> Hiya,
>>
>> On 04/01/17 20:00, Montgomery, Douglas (Fed) wrote:
>>> Stephen,
>>>
>>> If I understand your question, I don’t think one can infer anything
>>> about
>>> the BGP feeds or route selection processes of an AS based upon the
>>> traffic
>>> a validating cache sends to RPKI repositories.
>>
>> Is that the same traffic a BGPsec relying party sends?
>>
>> I can imagine that it might or might not be, but don't
>> recall the BGPsec spec saying.
>>
>> If, in fact, it isn't possible to infer which ASes are
>> likely to be used from the traffic emitted by an RP
>> for PKI purposes, then yes, this discuss point goes
>> away. (I think:-)
>>
>> Cheers,
>> S.
>>
>>>
>>> The design of RPKI validating caches (and all implementations that I
>>> know
>>> of) prefetch and validate RPKI objects independent of BGP traffic
>>> processing.   That is, they are background processing the entire RPKI,
>>> and
>>> are not event driven by BGP traffic.  As a matter of fact, the RPKI
>>> validating cache’s are typically on systems that have no reason to
>>> implement BGP at all.
>>>
>>> Also the RPKI-to-Rtr protocol between the cache and router is batch
>>> driven
>>> (roughly) by the validation process, not BGP event driven.
>>>
>>> I.e., the RPKI traffic to a validating cache in an AS with no BGP feeds
>>> and one with full BGP feeds is the same, and both independent of BGP
>>> event
>>> processing.
>>>
>>> If that was not the supposition of your question … please ignore.
>>> dougm
>>>
>>>
>>>
>>>
>>> — 
>>> Doug Montgomery, Mgr Internet & Scalable Systems Research at
>>> NIST/ITL/ANTD
>>>
>>>
>>>
>>>
>>>
>>> On 1/4/17, 2:33 PM, "sidr on behalf of Stephen Farrell"
>>> <sidr-bounces@ietf.org on behalf of stephen.farrell@cs.tcd.ie> wrote:
>>>
>>>>
>>>>
>>>> On 04/01/17 19:24, Russ Housley wrote:
>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------------------
>>>>>>
>>>>>>
>>>> DISCUSS:
>>>>>>
>>>>>> ----------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>> I have a couple of fairly straightforward things I'd
>>>>>> like to briefly discuss...
>>>>>>
>>>>>> [snip]
>>>>>>
>>>>>> (3) section 8: Is there a potential exposure here in that a relying
>>>>>> party who emits e.g.  certificate status checks or cert retrieval
>>>>>> queries for an RPKI cert they've not previously seen is exposing
>>>>>> something about the set of paths its traffic is likely to follow.
>>>>>> (This is similar to why we have OCSP stapling in the web.) IIRC the
>>>>>> RPKI specs may cover this but I suspect it'd be worth noting here
>>>>>> as well even if so as this represents exposing something about BGP
>>>>>> announcement content to off-path parties which I think is new for
>>>>>> BGP. Is that a new thing for BGP? (I think the new aspect to the
>>>>>> attack is that a bad actor who has already compromised some AS
>>>>>> could more easily spot that traffic from the relying party's AS is
>>>>>> likely to transit the compromised AS.)
>>>>>
>>>>> I am not sure what you mean by a "compromised AS,” but it may not
>>>>> matters …
>>>>
>>>> More or less if traffic to/from ASxxxx is visible to an
>>>> attacker and/or can be modified by an attacker. That could
>>>> be due to collusion between the AS and an attacker for
>>>> example, or because an attacker has compromised some routers
>>>> within a transit AS.
>>>>
>>>>>
>>>>> If a link goes down,
>>>>
>>>> I'm not sure this is only if a link goes down. I'd guess the same
>>>> risk would exist when any BGPsec path is first seen at a relying
>>>> party and where that RP doesn't have all the necessary RPKI stuff
>>>> cached before signature validation.
>>>>
>>>> . and that causes an alternative path to be
>>>>> selected, that forces the validation a new path which might involve a
>>>>> previously unvalidated AS.  If an OCSP responder or repository that
>>>>> provides RPKI objects is contacted as part of that validation, then
>>>>> some external entities can detect that something is changing.  That
>>>>> is, stuff not normally validated because it is associated with a
>>>>> unselected path gets fetched.
>>>>
>>>> Right. Sorry to not be clearer on what might become visible to
>>>> the network outside the RP's AS - I'm afraid I just don't have all
>>>> the RPKI details in my head;-)
>>>>
>>>>>
>>>>> That said, the NOC could fetch a snapshot of the RPKI, then the
>>>>> exposure of the switch to a new path can be limited to that AS.  This
>>>>> assumes that the snapshot uses CRLs, which seems like a very
>>>>> reasonable choice in the RPKI.
>>>>
>>>> Right, I think all that'd be needed for this would be to ack that
>>>> there's this (normally fairly minor) new risk and that you can
>>>> avoid it if you pre-fetch enough stuff. (As a separate question,
>>>> I wonder if the amount of stuff involved in the RPKI is such that
>>>> it'd be fairly easy to pre-fetch it all frequently enough to
>>>> nearly never hit this problem.)
>>>>
>>>> Cheers,
>>>> S.
>>>>
>>>>>
>>>>> Russ
>>>>>
>>>>
>>>
>>
>

v2.23.0 | Report a Bug | By Email