Re: [Sidrops] trying to limit RP processing variability

Job Snijders <job@ntt.net> Thu, 16 April 2020 15:02 UTC

Message-Id: <495aa74e-9094-458a-8524-db595d7bc6f2@www.fastmail.com>
In-Reply-To: <m24ktjpnge.wl-randy@psg.com>
References: <a9448e54-320f-300c-d4f9-d01aca2b6ef4.ref@verizon.net> <a9448e54-320f-300c-d4f9-d01aca2b6ef4@verizon.net> <63c18696-fe3b-c66f-d8ae-fb132f78ee9f@ripe.net> <a0067385-adb8-cadd-3a7f-3a362176d265@verizon.net> <e3bcba98-c664-0c27-850f-137251cc314a@ripe.net> <a1c7b748-6dda-c555-0ab7-3727d34bc672@verizon.net> <20200415124611.7af291b1@glaurung.nlnetlabs.nl> <m2wo6gpq6j.wl-randy@psg.com> <20200416113320.53500fa6@glaurung.nlnetlabs.nl> <m24ktjpnge.wl-randy@psg.com>
Date: Thu, 16 Apr 2020 17:01:42 +0200
From: Job Snijders <job@ntt.net>
To: sidrops@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/T-8FNDGaMAsgLv9yAV1_3s0NKYg>
Subject: Re: [Sidrops] trying to limit RP processing variability
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>

On Thu, Apr 16, 2020, at 15:30, Randy Bush wrote:
> >>> An attacker who can delete files can as easily replace them with
> >>> something else with the same result.  
> >> not really.
> > I cannot think of a case where an attack can manipulate the rsync
> > exchange, impersonate the rsync server, or manipulate the file system
> > of the legitimate rsync server in such a way that they can signal
> > to an rsync client to delete existing files but not to replace them
> > partially or completely. 
> > 
> > What am I missing?
> 
> 6486 4.2
> 
>    fileList:
>       This field is a sequence of FileAndHash objects.  There is one
>       FileAndHash entry for each currently valid signed object that has
>       been published by the authority (at this publication point).  Each
>       FileAndHash is an ordered pair consisting of the name of the file
>       in the repository publication point (directory) that contains the
>       object in question and a hash of the file's contents.
>                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I think I see an instance of miscommunication:

I think Martin's perspective is that whether the files are deleted or modified by MITM, the RP outcome is the same: the PP has to be tossed. I don't think Martin suggested that files can trivially be replaced, just that deletion or tampering have the same effect. 

Right?

Kind regards,

Job
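
Added example, not part of the original message or of any RP implementation: a sketch of the check the thread is discussing, where each FileAndHash entry from the manifest fileList is compared against what the RP actually fetched. The file names, contents, function names, the use of SHA-256 as the hash, and the strict "toss the PP" verdict (the treatment described in the message above) are assumptions made for illustration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_publication_point(file_list, fetched):
    """Compare manifest entries against the fetched files.

    file_list: list of (file name, hex hash) pairs, standing in for the
               FileAndHash sequence of an already-validated manifest.
    fetched:   dict of file name -> bytes as retrieved from the PP.
    Returns (usable, problems); usable is False if any listed file is
    absent or does not match its hash.
    """
    problems = []
    for name, expected in file_list:
        data = fetched.get(name)
        if data is None:
            problems.append((name, "missing"))
        elif sha256_hex(data) != expected:
            problems.append((name, "hash-mismatch"))
    return (not problems, problems)


# Constructed sample data: what the authority published.
PUBLISHED = {
    "a.roa": b"constructed ROA A",
    "b.roa": b"constructed ROA B",
    "ca.crl": b"constructed CRL",
}
FILE_LIST = [(name, sha256_hex(body)) for name, body in sorted(PUBLISHED.items())]


def scenarios():
    """Run the check on an intact fetch, a deletion and a modification."""
    deleted = {n: b for n, b in PUBLISHED.items() if n != "b.roa"}
    tampered = dict(PUBLISHED, **{"b.roa": b"constructed ROA B, altered"})
    return {
        "intact": check_publication_point(FILE_LIST, PUBLISHED),
        "deleted": check_publication_point(FILE_LIST, deleted),
        "tampered": check_publication_point(FILE_LIST, tampered),
    }


if __name__ == "__main__":
    for label, (usable, problems) in scenarios().items():
        print(label, "usable" if usable else "toss PP", problems)
```

The reported reason differs between the two cases ("missing" versus "hash-mismatch"), but the verdict for the publication point is the same.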