Re: [Sidrops] trying to limit RP processing variability

Martin Hoffmann <martin@opennetlabs.com> Wed, 15 April 2020 10:46 UTC

Return-Path: <martin@opennetlabs.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 973C03A0AB9 for <sidrops@ietfa.amsl.com>; Wed, 15 Apr 2020 03:46:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 039mriQ1xA3a for <sidrops@ietfa.amsl.com>; Wed, 15 Apr 2020 03:46:14 -0700 (PDT)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB9E03A0AB8 for <sidrops@ietf.org>; Wed, 15 Apr 2020 03:46:13 -0700 (PDT)
Received: from glaurung.nlnetlabs.nl (82-197-214-124.dsl.cambrium.nl [82.197.214.124]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 7F5431B198; Wed, 15 Apr 2020 12:46:11 +0200 (CEST)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none (p=none dis=none) header.from=opennetlabs.com
Authentication-Results: dicht.nlnetlabs.nl; spf=none smtp.mailfrom=martin@opennetlabs.com
Date: Wed, 15 Apr 2020 12:46:10 +0200
From: Martin Hoffmann <martin@opennetlabs.com>
To: Stephen Kent <stkent=40verizon.net@dmarc.ietf.org>
Cc: Robert Kisteleki <robert@ripe.net>, "sidrops@ietf.org" <sidrops@ietf.org>
Message-ID: <20200415124611.7af291b1@glaurung.nlnetlabs.nl>
In-Reply-To: <a1c7b748-6dda-c555-0ab7-3727d34bc672@verizon.net>
References: <a9448e54-320f-300c-d4f9-d01aca2b6ef4.ref@verizon.net> <a9448e54-320f-300c-d4f9-d01aca2b6ef4@verizon.net> <63c18696-fe3b-c66f-d8ae-fb132f78ee9f@ripe.net> <a0067385-adb8-cadd-3a7f-3a362176d265@verizon.net> <e3bcba98-c664-0c27-850f-137251cc314a@ripe.net> <a1c7b748-6dda-c555-0ab7-3727d34bc672@verizon.net>
Organization: Open Netlabs
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/lSZ9zm0hNYVtLRBjKq1zOx4iIDs>
Subject: Re: [Sidrops] trying to limit RP processing variability
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2020 10:46:16 -0000

Stephen Kent wrote:
>
> > rsync has a flag (--delete) where it literally syncs, ie. not only
> > fetches new/updated objects but also removes the local ones that no
> > longer exist remotely. (Either this, or some other processes have
> > to do cleanup, otherwise the local copy accumulates objects
> > eternally.)  
> 
> I forgot about the --delete flag. But, if one chooses to make use of
> the flag, it requires caution. if an attacker deleted files and an RP 
> removed instances of those files from the local cache, this is an
> easy DoS attack. One would have to see if there is a current manifest
> and if it lists files that have been deleted from the PP. Only if
> there is a current manifest, and the deleted files are also not
> present in the manifest, would it be safe to delete those files.
> 
> If one relies on examination of a current manifest to trigger
> deletion of cached files this problem would be avoided, and thus
> those files would not accumulate forever. maybe that's why I was not
> thinking about the flag.

An attacker who can delete files can as easily replace them with
something else with the same result. So I am not sure the added code
complexity is worth it.

Kind regards,
Martin