Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees

Rob Austein <> Thu, 27 August 2015 02:49 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 762DB1B38FA for <>; Wed, 26 Aug 2015 19:49:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id o3-_HQAeASwU for <>; Wed, 26 Aug 2015 19:49:47 -0700 (PDT)
Received: from ( [IPv6:2001:418:1::19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E4D441B38F9 for <>; Wed, 26 Aug 2015 19:49:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "", Issuer "Grunchweather Associates" (verified OK)) by (Postfix) with ESMTPS id 20C033980B for <>; Thu, 27 Aug 2015 02:49:47 +0000 (UTC)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id B46A51ABFFC4 for <>; Wed, 26 Aug 2015 22:49:45 -0400 (EDT)
Date: Wed, 26 Aug 2015 22:49:45 -0400
From: Rob Austein <>
In-Reply-To: <>
References: <>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <>
Archived-At: <>
Subject: Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Aug 2015 02:49:49 -0000

At Wed, 26 Aug 2015 17:26:24 -0400, David Mandelberg wrote:
> I think this problem might be fixed if we modify the protocol to sign 
> all of the preceding signed data (rather than just the immediate, 
> previous signature).

Agreed, assuming this means adding the (theoretically invariant)
fields from the data to be signed in section 4.1 to the data to be
signed in section 4.2.

Taking "Origin AS Number" in section 4.1 as equivalent to "Signer's AS
Number" in section 4.2, this leaves the algorithm suite identifier,
the AFI, the SAFI, and the NLRI to be added to the data to be signed
in section 4.2.  I doubt that there's any practical attack based on
fiddling with the algorithm suite identifier (I'd expect any games
there to cause validation failure, end of story), but maybe somebody
has a more twisted imagination than mine, and, given that the
algorithm suite ID is one byte long, I don't think it's worth trying
to optimize that byte out of the section 4.2 signature.

Presumably we want to keep the existing signature chaining, so I
wouldn't remove anything from the data to be signed in section 4.2,
just add the fields that are currently only present in section 4.1.

David, if this is consistent with what you meant, cool, if not, say on.