[sidr] discussion about mandatory-to-implement connection security (was WGLC draft-sidr-rpki-rtr - take 2?)
Joe Touch <touch@isi.edu> Wed, 20 April 2011 20:29 UTC
Return-Path: <touch@isi.edu>
X-Original-To: sidr@ietfc.amsl.com
Delivered-To: sidr@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 280E4E0753 for <sidr@ietfc.amsl.com>; Wed, 20 Apr 2011 13:29:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.962
X-Spam-Level:
X-Spam-Status: No, score=-103.962 tagged_above=-999 required=5 tests=[AWL=1.397, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_LWSHORTT=1.24, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TxCqPDLJ3GeV for <sidr@ietfc.amsl.com>; Wed, 20 Apr 2011 13:29:49 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfc.amsl.com (Postfix) with ESMTP id 2EF42E0669 for <sidr@ietf.org>; Wed, 20 Apr 2011 13:29:49 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id p3KKTEvO018447 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Wed, 20 Apr 2011 13:29:14 -0700 (PDT)
Message-ID: <4DAF421A.9060100@isi.edu>
Date: Wed, 20 Apr 2011 13:29:14 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: sidr@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: [sidr] discussion about mandatory-to-implement connection security (was WGLC draft-sidr-rpki-rtr - take 2?)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2011 20:29:50 -0000
Hi, all, I've reviewed the discussion about mandatory-to-implement connection security that dates back to Morrow's post of 1 Apr: http://www.ietf.org/mail-archive/web/sidr/current/msg02623.html I'd like to note a few things: 1) ssh does not protect the transport connection ssh is an application protocol, not a transport protocol It provides privacy and authentication at the application layer, of the data over the TCP connection, but that connection can be interrupted by an attacker. This may not have the same impact as for vanilla BGP (where the connection disappearing causes routes to be removed), but should be a consideration in a "mandatory to implement" component, IMO. 2) TCP-AO was designed for BGP TCP-AO was designed to get around concerns with the use of IPsec for BGP protection, and to correct for weaknesses in TCP MD5. Any platform that is intended to use BGP in a protected way will need to implement TCP-AO anyway. Using that mechanism to protect other parts of BGP seems appropriate. 3) TCP-AO obsoletes TCP MD5 We did not deprecate TCP MD5 for legacy reasons only. It should not be recommended in any new cases. 4) a SIDR solution assuming TCP-AO isn't available on servers is an interim only RFCs ought not focus on short term solutions, especially ones that are so easily corrected. If the issue is the lack of a TCP-AO implementation in Linux and FreeBSD, it would be more productive to find the resources (6 man-months approx.) to just write this than even to discuss it on this list at length further. If you do insist on including other alternatives, I would strongly suggest listing only IPsec; if you do include ssh (or, AFAICT, if you really want to get to servers, why not tls? surely servers are as likely if not more so to have HTTPS support) then you should note the lack of protection to the transport layer, and any implications that result. Joe
- [sidr] discussion about mandatory-to-implement co… Joe Touch
- Re: [sidr] discussion about mandatory-to-implemen… Borchert, Oliver
- Re: [sidr] discussion about mandatory-to-implemen… Christopher Morrow
- Re: [sidr] discussion about mandatory-to-implemen… Randy Bush
- Re: [sidr] discussion about mandatory-to-implemen… Borchert, Oliver
- Re: [sidr] discussion about mandatory-to-implemen… Randy Bush
- Re: [sidr] discussion about mandatory-to-implemen… Randy Bush
- Re: [sidr] discussion about mandatory-to-implemen… Joe Touch