Re: [Sidrops] trying to limit RP processing variability

Randy Bush <randy@psg.com> Thu, 16 April 2020 13:30 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 555AC3A081F for <sidrops@ietfa.amsl.com>; Thu, 16 Apr 2020 06:30:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QrWGVm1ekMgJ for <sidrops@ietfa.amsl.com>; Thu, 16 Apr 2020 06:30:45 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDE6B3A07E1 for <sidrops@ietf.org>; Thu, 16 Apr 2020 06:30:44 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1jP4bK-0003Zq-31; Thu, 16 Apr 2020 13:30:42 +0000
Date: Thu, 16 Apr 2020 06:30:41 -0700
Message-ID: <m24ktjpnge.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Martin Hoffmann <martin@opennetlabs.com>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>, Stephen Kent <stkent=40verizon.net@dmarc.ietf.org>, Robert Kisteleki <robert@ripe.net>
In-Reply-To: <20200416113320.53500fa6@glaurung.nlnetlabs.nl>
References: <a9448e54-320f-300c-d4f9-d01aca2b6ef4.ref@verizon.net> <a9448e54-320f-300c-d4f9-d01aca2b6ef4@verizon.net> <63c18696-fe3b-c66f-d8ae-fb132f78ee9f@ripe.net> <a0067385-adb8-cadd-3a7f-3a362176d265@verizon.net> <e3bcba98-c664-0c27-850f-137251cc314a@ripe.net> <a1c7b748-6dda-c555-0ab7-3727d34bc672@verizon.net> <20200415124611.7af291b1@glaurung.nlnetlabs.nl> <m2wo6gpq6j.wl-randy@psg.com> <20200416113320.53500fa6@glaurung.nlnetlabs.nl>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/0jiK7BQy58rSD9NhpnqQ-kk2tFk>
Subject: Re: [Sidrops] trying to limit RP processing variability
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 13:30:46 -0000

>>> An attacker who can delete files can as easily replace them with
>>> something else with the same result.  
>> not really.
> I cannot think of a case where an attack can manipulate the rsync
> exchange, impersonate the rsync server, or manipulate the file system
> of the legitimate rsync server in such a way that they can signal
> to an rsync client to delete existing files but not to replace them
> partially or completely. 
> 
> What am I missing?

6486 4.2

   fileList:
      This field is a sequence of FileAndHash objects.  There is one
      FileAndHash entry for each currently valid signed object that has
      been published by the authority (at this publication point).  Each
      FileAndHash is an ordered pair consisting of the name of the file
      in the repository publication point (directory) that contains the
      object in question and a hash of the file's contents.
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^