Re: [Sidrops] Stalloris: RPKI Downgrade Attack

Jeroen Massar <jeroen@massar.ch> Thu, 05 May 2022 12:11 UTC

Return-Path: <jeroen@massar.ch>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06816C15E3F3 for <sidrops@ietfa.amsl.com>; Thu, 5 May 2022 05:11:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=massar.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CkQ7xaGTzbsW for <sidrops@ietfa.amsl.com>; Thu, 5 May 2022 05:10:59 -0700 (PDT)
Received: from citadel.ch.unfix.org (citadel.ch.unfix.org [IPv6:2001:1620:20b0::50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD78AC15E405 for <sidrops@ietf.org>; Thu, 5 May 2022 05:10:53 -0700 (PDT)
Received: from smtpclient.apple (adsl-130-212.dsl.init7.net [213.144.130.212]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: jeroen@massar.ch) by citadel.ch.unfix.org (Postfix) with ESMTPSA id D209522B056BC; Thu, 5 May 2022 12:10:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=massar.ch; s=DKIM2009; t=1651752647; bh=dWTswYbgEFn6URq1ComMY+6NtCm7iidGOcrrG01ZG3c=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=vlo47KP+Co3AIMnJsk0DpqRnpWCVM3piy2brRL0FEOe9BEQkoxD9Ltbij33ISshV7 TDEDfrYY+GqWwX8HdDaGO592QsMurDYu0hEG6UuTq5A+h1ZYDAhEQCPaXMDF12DZEf J2yWoPrP9gmmQkycgRSpYLRVB/8DDI7nUYAcWkyLubDLinPPvLGLnU4LMTssHqlGfu xTI2D/05URL3YLeiDEq6gtWChHLHy4iEpE6b/CeyRH8spyp3htwq+ZYXfuYdA7cYtY W4CPgL5Vs5oRr5zOcafZi/afIKMPLDz7/wqZM7jQT7m0cuiSi2dWaWhCw0skiia2N9 S5Z+GIdvHzRkA==
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Jeroen Massar <jeroen@massar.ch>
In-Reply-To: <CAL9jLaaZm=QsjZGARu8DLajWj6_Q+sH1rh7UTOrEUjOMeODo8Q@mail.gmail.com>
Date: Thu, 05 May 2022 14:10:47 +0200
Cc: "sidrops@ietf.org" <sidrops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5E3A8C12-E0A2-4EA8-9657-AE6C4D31291D@massar.ch>
References: <AS4P195MB142948CC066435891815A8C88CC09@AS4P195MB1429.EURP195.PROD.OUTLOOK.COM> <CAL9jLaaZm=QsjZGARu8DLajWj6_Q+sH1rh7UTOrEUjOMeODo8Q@mail.gmail.com>
To: Christopher Morrow <christopher.morrow@gmail.com>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/rfSyrs3CcLL_c4SuiD6yOP3KeLg>
Subject: Re: [Sidrops] Stalloris: RPKI Downgrade Attack
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 May 2022 12:11:04 -0000

> On 4 May 2022, at 16:47, Christopher Morrow <christopher.morrow@gmail.com> wrote:
> 
> sure.. this seems pretty obvious from the system design.

Next up: a paper how when one does not have the CA, one cannot verify it.
And another one: that when a CRL is not reachable it is broken....

Yes, people should read the design constraints of papers, but interesting to see that come out of that institution.

Here a related IPv6 one: https://arxiv.org/abs/2203.08946 that effectively states

"they can track you if 1 device in a /64 has a static EUI-64 portion"

while the intro of rfc3041 clearly states:

8<---------
By design, the interface identifier is likely to be globally unique when generated in this fashion.
--------->8

Seems to be a slow paper year... and note, those are published at "peer reviewed" conferences...

> I think you COULD say: "well, then unknowns also die in a fire with invalids!"
> but.. that's going to leave you with a very small internet :(
> 
> Ideally publication point operators are buidling robust and distributed deployments that can be resilient in the face of both network problems and bad actors.

Indonesia's IDNIC would like to demonstrate the problem for you ;)

At the moment https://repo-rpki.idnic.net/rrdp/notification.xml seems to be reachable but there have been rather big connectivity issues with it around december that almost caused it to expire from many rpki views.

Greets,
 Jeroen