Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees
Rob Austein <sra@hactrn.net> Thu, 27 August 2015 02:49 UTC
Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 762DB1B38FA for <sidr@ietfa.amsl.com>; Wed, 26 Aug 2015 19:49:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o3-_HQAeASwU for <sidr@ietfa.amsl.com>; Wed, 26 Aug 2015 19:49:47 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4D441B38F9 for <sidr@ietf.org>; Wed, 26 Aug 2015 19:49:47 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-24-34-34-101.hsd1.ma.comcast.net [24.34.34.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (verified OK)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 20C033980B for <sidr@ietf.org>; Thu, 27 Aug 2015 02:49:47 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [IPv6:::1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id B46A51ABFFC4 for <sidr@ietf.org>; Wed, 26 Aug 2015 22:49:45 -0400 (EDT)
Date: Wed, 26 Aug 2015 22:49:45 -0400
From: Rob Austein <sra@hactrn.net>
To: sidr@ietf.org
In-Reply-To: <f12cf36b3ee80798852c3fa13485b50d@mail.mandelberg.org>
References: <f12cf36b3ee80798852c3fa13485b50d@mail.mandelberg.org>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20150827024945.B46A51ABFFC4@minas-ithil.hactrn.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/rH-3JQBhzcmxnhZMoDULer-GWLQ>
Subject: Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2015 02:49:49 -0000
At Wed, 26 Aug 2015 17:26:24 -0400, David Mandelberg wrote: ... > I think this problem might be fixed if we modify the protocol to sign > all of the preceding signed data (rather than just the immediate, > previous signature). Agreed, assuming this means adding the (theoretically invariant) fields from the data to be signed in section 4.1 to the data to be signed in section 4.2. Taking "Origin AS Number" in section 4.1 as equivalent to "Signer's AS Number" in section 4.2, this leaves the algorithm suite identifier, the AFI, the SAFI, and the NLRI to be added to the data to be signed in section 4.2. I doubt that there's any practical attack based on fiddling with the algorithm suite identifier (I'd expect any games there to cause validation failure, end of story), but maybe somebody has a more twisted imagination than mine, and, given that the algorithm suite ID is one byte long, I don't think it's worth trying to optimize that byte out of the section 4.2 signature. Presumably we want to keep the existing signature chaining, so I wouldn't remove anything from the data to be signed in section 4.2, just add the fields that are currently only present in section 4.1. David, if this is consistent with what you meant, cool, if not, say on.
- [sidr] draft-ietf-sidr-bgpsec-protocol-13's secur… David Mandelberg
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Randy Bush
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Rob Austein
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sriram, Kotikalapudi
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Rob Austein
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Borchert, Oliver
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Borchert, Oliver
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Randy Bush
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sriram, Kotikalapudi
- [sidr] replay threats (was: draft-ietf-sidr-bgpse… Randy Bush
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sriram, Kotikalapudi
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… David Mandelberg
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… David Mandelberg
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… David Mandelberg
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Rob Austein
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… David Mandelberg
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Rob Austein
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Stephen Kent
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… David Mandelberg
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sriram, Kotikalapudi
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Randy Bush
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's s… Matthew Lepinski
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Sriram, Kotikalapudi
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Sriram, Kotikalapudi