Re: [Sidrops] what to do when the CRL is hosed?
Lukas Tribus <lists@ltri.eu> Fri, 03 April 2020 07:32 UTC
Return-Path: <lists@ltri.eu>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9A523A1366 for <sidrops@ietfa.amsl.com>; Fri, 3 Apr 2020 00:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gG7nnW8BuLFi for <sidrops@ietfa.amsl.com>; Fri, 3 Apr 2020 00:32:49 -0700 (PDT)
Received: from smtp-relay2.web-server.biz (smtp-relay2.web-server.biz [137.74.38.202]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AAFE3A1333 for <sidrops@ietf.org>; Fri, 3 Apr 2020 00:32:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp-relay2.web-server.biz (Postfix) with ESMTP id EF93C1CD42 for <sidrops@ietf.org>; Fri, 3 Apr 2020 09:32:46 +0200 (CEST)
Received: from smtp-relay2.web-server.biz ([137.74.38.202]) by localhost (smtp-relay2.web-server.biz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2FQ9Y0erH58Z for <sidrops@ietf.org>; Fri, 3 Apr 2020 09:32:44 +0200 (CEST)
Received: from mail5.web-server.biz (www5.web-server.biz [185.181.105.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-relay2.web-server.biz (Postfix) with ESMTPS id 0F2051CD19 for <sidrops@ietf.org>; Fri, 3 Apr 2020 09:32:44 +0200 (CEST)
Received: from mail-io1-f47.google.com (mail-io1-f47.google.com [209.85.166.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail5.web-server.biz (Postfix) with ESMTPSA id 8E60C47C77 for <sidrops@ietf.org>; Fri, 3 Apr 2020 07:32:39 +0000 (UTC)
Received: by mail-io1-f47.google.com with SMTP id i3so6439124ioo.13 for <sidrops@ietf.org>; Fri, 03 Apr 2020 00:32:39 -0700 (PDT)
X-Gm-Message-State: AGi0Pua9SB5sDBvW1HPXyVyPnlicKhWd100aZXhzRTwwo032jZ/Hcn/7 gHjfXCCyT5FB7jhjuWGLvCN5GWj77cX9+iz1Gk0=
X-Google-Smtp-Source: APiQypKqYeQ+J8zU/ntUkf1dnpxTxAAPEy0iAC354aFeJOF29B2WYB5DKdzwxHigpZOzmzbx91eOtE35rda4UD28gpY=
X-Received: by 2002:a02:b616:: with SMTP id h22mr7290162jam.126.1585899157861; Fri, 03 Apr 2020 00:32:37 -0700 (PDT)
MIME-Version: 1.0
References: <20200224151532.GD19221@vurt.meerval.net> <20200224211531.GB60925@vurt.meerval.net> <20200225090338.10464b1a@glaurung.nlnetlabs.nl> <9cc3a6a5-f9c8-23df-588e-48dee5db62d4@verizon.net> <3B7006DE-5366-47E7-9CD6-AF392F9ED0CC@nlnetlabs.nl> <6602d1a7-ecbf-73a0-21d8-1254fb2aff97@verizon.net> <20200226173935.GE72144@vurt.meerval.net> <2db8d19a-6f91-d2fc-36c3-65742ba77e6c@ripe.net> <8B09B96B-432C-4190-9DE0-DC2004AAFCC2@nlnetlabs.nl> <CC64461D-4F34-4367-AD9D-D42B2A476363@ripe.net> <75140927-0b8b-07ab-ad2e-952e32256df1@verizon.net> <24198.20355.168888.506246@oz.mt.att.com> <CACC_My-g7bU7FYHiy+3j=HfXBp4+ZEWA96aGOaptROtLg8CSUg@mail.gmail.com> <m2mu7to1jk.wl-randy@psg.com>
In-Reply-To: <m2mu7to1jk.wl-randy@psg.com>
From: Lukas Tribus <lists@ltri.eu>
Date: Fri, 03 Apr 2020 09:32:26 +0200
X-Gmail-Original-Message-ID: <CACC_My9PwS7fSZD-50zCW8q2BtDMGbJA38SYfq+Efqzez_GMzQ@mail.gmail.com>
Message-ID: <CACC_My9PwS7fSZD-50zCW8q2BtDMGbJA38SYfq+Efqzez_GMzQ@mail.gmail.com>
To: Randy Bush <randy@psg.com>
Cc: Jay Borkenhagen <jayb@braeburn.org>, sidrops@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/aKHQxrk06G9loCElVV7V1ZV4NOY>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 07:33:00 -0000
Hello Randy, On Fri, 3 Apr 2020 at 02:28, Randy Bush <randy@psg.com> wrote: > > > - no MITM attacks possible that lead to incomplete VRP sets (with the > > supported retrieval methods, which still includes rsync) > > you are asking for transport security. we chose not to take that path. > if an evil monkey gets in the middle, it should be detectable. but the > design does not prevent mitm. What I'm trying to say is something different: We promised transport agnostic security. I'm asking that we maintain that promise. But if we are unable to maintain that promise and start relying on transport security, then we need to actually fully admit that and drop rysnc. This is because I read some arguments on this list akin to "well this attack will not work against RRDP, so only rsync ...". What I am saying is that: we should maintain the same guarantees and consistencies at the end of the day with both retrieval methods. I understand MITM - as in denying the *entire* service - is an attack that affects both retrieval methods. That's ok. What would be unacceptable for me is that a repository retrieved via rsync could be affected by a partial withhold attack, withholding some VRP's. The TL;DR here is, as a network operator, I expect both retrieval methods to provide the same kind of assurances, consistencies and security guarantees. On the other hand, if rsync is a second class citizen, then we need big fat warnings about rsync. Lukas
- [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
- Re: [Sidrops] what to do when the CRL is hosed? Francisco Javier Moreno Arana
- Re: [Sidrops] what to do when the CRL is hosed? Ben Maddison
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Louis Poinsignon
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Di Ma
- Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Nathalie Trenaman
- Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Rob Austein
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Di Ma
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Jay Borkenhagen
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush