Re: [sidr] AD Review of sidr-origin-validation-signaling-09

"John G. Scudder" <jgs@juniper.net> Wed, 30 November 2016 01:24 UTC

From: "John G. Scudder" <jgs@juniper.net>
In-Reply-To: <88A45E79-880B-4F82-9FAA-80C05627A49F@cisco.com>
Date: Tue, 29 Nov 2016 20:23:55 -0500
Message-ID: <917E9000-8F1F-4E4F-BDEC-767E3510A71A@juniper.net>
References: <88A45E79-880B-4F82-9FAA-80C05627A49F@cisco.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/qzUPK6SyH9YPXIbEP1aIlNUSgo8>
Cc: "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "draft-ietf-sidr-origin-validation-signaling@ietf.org" <draft-ietf-sidr-origin-validation-signaling@ietf.org>, "Sandra L. Murphy" <sandy@tislabs.com>
Subject: Re: [sidr] AD Review of sidr-origin-validation-signaling-09
List-Id: Secure Interdomain Routing <sidr.ietf.org>

On Nov 13, 2016, at 1:40 AM, Alvaro Retana (aretana) <aretana@cisco.com> wrote:
> C1. The reference to rfc7607 should be Informative.

Done (in -10 candidate source).
 
> C2. [Major] Security Considerations.  I think that there is one consideration that should be mentioned in this section:  Given that the largest value is preferred (2 = invalid), there is an attack vector where a router in the path (yes, even an internal router) can inject a community indicating that the route is invalid; the communities are not protected.  This action could result in inconsistent routing or even in a DoS.  I know the document is not explicit about what to do with the validation state (which is ok), but the clear intention (from rfc6811 and rfc7115) is that it will be used to make routing decisions.  Please add some text about this potential issue.

I started to write something about this and then realized I don't understand what you mean. At first I thought you were saying that an attacker that can forge an OV community can bias route selection. While this is true of course, it's also not unique to OV (Localpref has this property for example). It probably wouldn't be hard to write a sentence to summarize this, if necessary. 

However, you specifically refer to the invalid state: "a router in the path ... can inject a community indicating that the route is invalid". This makes me think you think there's something special about "invalid", and I don't know what it is. You also say something about the sorting order, which I'm also not sure why that would matter.

As far as I can tell, injecting "a community indicating that the route is invalid" is kind of a boring attack -- it just makes the route less likely to be selected by the downstream router. The "bad" router could also just fail to propagate the route at all ("underclaiming"), making it flat-out impossible for the downstream to select it, or could use any number of other path attribute manipulations (Localpref, AS path, etc) to make the route less preferable. Are you suggesting there is some fancier attack than this, or are you just asking us to acknowledge BGP doesn't work very well in the face of an on-path attacker?

By all means, if anyone has text to send, do.

Thanks,

--John
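The "largest value is preferred" rule that C2 and the reply argue about, worked as an added example (editor's code, not the draft's text and not anything either correspondent posted). The 8-octet layout (Type 0x43, Sub-Type 0x00, five reserved octets, validation state in the last octet, with 0 = valid, 1 = not found, 2 = invalid) is taken from the published form of this draft, RFC 8097; the `strip_ov_state` ingress policy is my own assumption about a mitigation and is not something the thread states.

```python
"""Origin Validation State extended community: "largest value wins".

Added example; not code from the draft, RFC 8097, or this mailing list.
Assumed wire layout (RFC 8097): 8-octet opaque extended community,
Type 0x43, Sub-Type 0x00, 5 reserved octets, last octet = validation state
(0 = valid, 1 = not found, 2 = invalid).
"""
import struct

OV_TYPE = 0x43
OV_SUBTYPE = 0x00
STATE_NAMES = {0: "valid", 1: "not found", 2: "invalid"}


def encode_ov_state(state: int) -> bytes:
    """Build the 8-octet community carrying one validation state."""
    if state not in STATE_NAMES:
        raise ValueError(f"unknown validation state {state}")
    # "!BB5xB": type, sub-type, five zero (reserved) octets, state octet.
    return struct.pack("!BB5xB", OV_TYPE, OV_SUBTYPE, state)


def decode_ov_state(ec: bytes):
    """Return the state carried by an 8-octet extended community,
    or None if the community is not an OV state community."""
    if len(ec) != 8:
        raise ValueError("an extended community is exactly 8 octets")
    if (ec[0], ec[1]) != (OV_TYPE, OV_SUBTYPE):
        return None
    return ec[7]


def effective_ov_state(ext_communities):
    """The draft's rule as discussed in this thread: when more than one OV
    state community is attached, the highest value is the one that counts
    (so 2 = invalid beats 0 = valid). Non-OV communities are ignored.
    Returns None when the route carries no OV state at all."""
    states = [s for s in map(decode_ov_state, ext_communities) if s is not None]
    return max(states) if states else None


def state_name(state) -> str:
    return STATE_NAMES.get(state, f"unknown({state})")


def on_path_injection_demo():
    """Constructed scenario: the validating edge router tags the route
    'valid'; a router in the path then appends an 'invalid' community
    without removing the original. Returns (before, after) effective states."""
    as_tagged = [encode_ov_state(0)]
    tampered = as_tagged + [encode_ov_state(2)]
    return effective_ov_state(as_tagged), effective_ov_state(tampered)


def strip_ov_state(ext_communities):
    """Assumed ingress policy (my assumption, not from the thread): at a
    trust boundary, drop every OV state community received from the peer so
    that only your own validating router's state can be attached later."""
    return [ec for ec in ext_communities if decode_ov_state(ec) is None]


if __name__ == "__main__":
    before, after = on_path_injection_demo()
    print("as tagged by the validator:", state_name(before))
    print("after on-path injection:   ", state_name(after))
    cleaned = strip_ov_state([encode_ov_state(0), encode_ov_state(2), bytes(8)])
    print("after ingress strip:       ", state_name(effective_ov_state(cleaned)))
```

Running it shows the point both sides of the thread agree on: an appended `invalid` community wins over the validator's `valid` under the max-value rule, which is why the state only means something if you control where the community can enter your network.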