Re: [tcpm] status of TCP-MD5 after TCP-AO publication
Iljitsch van Beijnum <iljitsch@muada.com> Wed, 05 August 2009 09:40 UTC
Return-Path: <iljitsch@muada.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 901EB28C545; Wed, 5 Aug 2009 02:40:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.342
X-Spam-Level:
X-Spam-Status: No, score=-6.342 tagged_above=-999 required=5 tests=[AWL=0.257, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9zPkP3WVCUC6; Wed, 5 Aug 2009 02:40:23 -0700 (PDT)
Received: from sequoia.muada.com (sequoia.muada.com [83.149.65.1]) by core3.amsl.com (Postfix) with ESMTP id 034D928C55B; Wed, 5 Aug 2009 02:39:44 -0700 (PDT)
Received: from claw.it.uc3m.es (claw.it.uc3m.es [163.117.139.55]) (authenticated bits=0) by sequoia.muada.com (8.13.3/8.13.3) with ESMTP id n759cYTY049934 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 5 Aug 2009 11:38:34 +0200 (CEST) (envelope-from iljitsch@muada.com)
Message-Id: <791B8996-F1CB-4DA6-B181-3D0A6E691532@muada.com>
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: "<toby.moncaster@bt.com>" <toby.moncaster@bt.com>
In-Reply-To: <AEDCAF87EEC94F49BA92EBDD49854CC70C82472C@E03MVZ1-UKDY.domain1.systemhost.net>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Wed, 05 Aug 2009 11:38:51 +0200
References: <6BB76CFA-4134-4D3E-BE20-3A90A5111CBD@nokia.com><FB33B8FD-308B-4867-902E-131382969C35@muada.com><4A777220.3070507@juniper.net> <75E968CA-1D9A-40BD-9C3E-534518B13BCF@muada.com> <AEDCAF87EEC94F49BA92EBDD49854CC70C82472C@E03MVZ1-UKDY.domain1.systemhost.net>
X-Mailer: Apple Mail (2.935.3)
Cc: tcpm@ietf.org, iesg@ietf.org
Subject: Re: [tcpm] status of TCP-MD5 after TCP-AO publication
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2009 09:40:24 -0000
On 5 aug 2009, at 11:22, <toby.moncaster@bt.com> <toby.moncaster@bt.com> wrote: > New solutions may only become widely deployed if there is some > indication that the existing deployment is in some way obsolete/ > historic. If you are now saying we can't call the existing solution > obsolete/historic until there is wide deployment of the new solution > then we are in a Catch 22... Despite people telling me it has been around for years, I have never encountered AO in the wild. And with IPsec as a mechanism to protect BGP being a huge failure because the vendors couldn't make it configurable (remember, configuring BGP is a full time job in many cases!) and 32-bit AS numbers taking a decade to appear on the scene, I am worried that making RFC 2385 historic quickly may leave some operators with no way to protect BGP sessions. Don't forget that people can easily run 2 year old code and deployment in Quagga is complex due to the fact that the actual authentication happens in the kernel, so if a late model Cisco or Juniper has AO but no MD5 and an older model or a Quagga box only MD5 but no AO we're in worse shape than we are today. Also remember that what the crypto people think is good operational practice has nothing to do with what really happens in practice, setting up MD5 once and never changing the password is what happens in 49% of all cases (with no protection at all in 50%), and considering the amount of attacks happening this seems quite sufficient. Actually the thing that worries me most about MD5 is that it allows for CPU exhaustion attacks, especially as implementations seem to authenticate first and do TCP sanity checking later and RFC 3682 never caught on because it doesn't autonegotiate. Not sure of AO helps against those attacks, but IPsec could through the anti-replay counter.
- [tcpm] status of TCP-MD5 after TCP-AO publication Lars Eggert
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Iljitsch van Beijnum
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Lars Eggert
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… David Borman
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Joe Touch
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Ron Bonica
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Iljitsch van Beijnum
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Smith, Donald
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Joe Touch
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Chaks Chigurupati (chaks)
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Smith, Donald
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Chaks Chigurupati (chaks)
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… toby.moncaster
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Iljitsch van Beijnum
- Re: [tcpm] status of TCP-MD5 after TCP-AO publica… Pekka Savola