Re: [Tsv-art] Tsvart last call review of draft-ietf-lisp-rfc6830bis-15

Dino Farinacci <farinacci@gmail.com> Tue, 28 August 2018 16:53 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C4B3130F47; Tue, 28 Aug 2018 09:53:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXaNf0FEcd2i; Tue, 28 Aug 2018 09:53:31 -0700 (PDT)
Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CE67130F43; Tue, 28 Aug 2018 09:53:31 -0700 (PDT)
Received: by mail-pg1-x529.google.com with SMTP id r1-v6so1001343pgp.11; Tue, 28 Aug 2018 09:53:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Rkt1kNzLwy/rfFsYNwQCC5qSDcJL25fd6rSHhxbQHyo=; b=CmmJ22kYb+uAKtvNMFrHcIanphAAkj3SKm0HiQT6gBE9MraQ18l0W2FBVcxczy+Zlp rudPOMypNJBUmyR64cBSGuVC68OUPt4uh0BNYF3mZAXdVy6WAYc1qUIljAeDHx9lKYvD K0hfKl2cex6cyZwW4y8+GCFgzPqObm6NQED4bYzhg1S2tB+FOtU3rgz5Hqzwx9JvBwh4 vILrCc3JLNXg9MPyveJkbiXlHlUKOXoypgyehcVwyaEEtmysVDLxFEPNTgJHeRC5XZiL jB3juxOKPhVkEkNj0y0mdDkJLL0uhjYkAcgJNllhmkyVn6SIi6fV+qQQGZoKbMgA7H1r OTgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Rkt1kNzLwy/rfFsYNwQCC5qSDcJL25fd6rSHhxbQHyo=; b=teyJQ/aW3KORddalnwbWaLw1+XDxzm8g5uEier8SDD1XyH+dXHpL92ljN+2dIz2RkO 6RX4TnxskQKL1goVqW5uGHqjkHtZyje5Rqb10rQlsidhZMM4GxKofpEU05pJ+R41bpda mzckM3cMBmsVRbJYzshi3Cqg4tY7BmYq7JT8WmD3TSIK4ZApDXOwoog0UXeQByhNXI8r 8oPmsrgHikFd2N55TMSoYV+hMaL5RWM/6VYiIsXIIz5yQFUnSTq4MmTQIgQvZltzsNA3 VjPApWPoQlcnOfqE/koGXYhP6wqNjO0YgCiicPYxBu1cEZL/9BJ7hSVvUx9vTMtaG4S9 71sg==
X-Gm-Message-State: APzg51Cs8Ripre7oW+OMZpK5UaPUxvQ6UiUpUl/QEh1VmiiY9ywSV581 97rRrENluHJ0BqhCw58YbftVSyXT
X-Google-Smtp-Source: ANB0VdY/14TkBl7JQZ1KRriHbfzPQQ2tvrNPQI7v4gY9NkvkdhhDE5is1PTblzFDtwVTGp9bCPbjQg==
X-Received: by 2002:a63:6283:: with SMTP id w125-v6mr2245152pgb.83.1535475211044; Tue, 28 Aug 2018 09:53:31 -0700 (PDT)
Received: from [10.31.79.28] ([96.72.181.209]) by smtp.gmail.com with ESMTPSA id o134-v6sm5175864pfg.74.2018.08.28.09.53.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 Aug 2018 09:53:30 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Message-Id: <9BDCA5D2-01C6-41F0-BC04-7C1378675236@gmail.com>
Content-Type: multipart/mixed; boundary="Apple-Mail=_BB69CA2C-1A69-4FDF-BB7E-9DD708634236"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Tue, 28 Aug 2018 09:53:29 -0700
In-Reply-To: <CE7ECD23-E8A2-4D48-B752-0D246C02F27E@gmail.com>
Cc: draft-ietf-lisp-rfc6830bis.all@ietf.org, tsv-art@ietf.org, IETF Discussion Mailing List <ietf@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
References: <153538054829.30074.15428909912816972228@ietfa.amsl.com> <ED34F830-1FEF-42BB-BB6E-805D724AB339@gmail.com> <79FA52C8-94AC-43CE-B052-9F921A65E0D5@trammell.ch> <23680BD5-0DD3-4404-888D-D1C78A0A437D@gmail.com> <130902C2-9CEE-4931-8957-D32446723B89@trammell.ch> <CF5E3C7B-E492-4EE9-A2E6-A2D823C6610F@gmail.com> <1514B576-87FD-475F-B6C5-BBA1C2CA94ED@trammell.ch> <CE7ECD23-E8A2-4D48-B752-0D246C02F27E@gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/Kd4jwtoeznEPXiFfLUshNH0ZprY>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-lisp-rfc6830bis-15
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2018 16:53:48 -0000

Here is the latest diff for -17.

Dino


> On Aug 28, 2018, at 9:49 AM, Dino Farinacci <farinacci@GMAIL.COM> wrote:
> 
>> I'd suggest inserting a new paragraph after paragraph 2 of section 5, something like:
>> 
>> 
>> NEW:
>> 
>> As LISP uses UDP encapsulation to carry traffic between ITRs and ETRs across the Internet, implementors should be aware of the provisions of [RFC8085], especially those given in section 3.1.11 on congestion control for UDP tunneling.
> 
> Consider it added to Section 5 “LISP Encapsulation Details”, last paragraph.
> 
>> 
>>>>>>>> (2) This is not transport-specific. Reading the document, it struck me that the
>>>>>>>> design of the protocol has a few inherently unsafe features related to the fact
>>>>>>>> that its wire image is neither confidentiality- nor integrity-protected. I
>>>>>>>> think that all of the potential DDoS and traffic focusing attacks I could come
>>>>>>>> up with in the hour I spent reviewing the document are indeed mentioned in the
>>>>>>>> security considerations section, but as the security considerations section
>>>>>>>> does not give any practical mitigation for dataplane overload attacks, it seems
>>>>>>>> to be saying that RLOC addresses shouldn't be Internet-accessible, which as I
>>>>>>>> understand it is not the point of LISP. I haven't seen a secdir review on this
>>>>>>>> document yet, but I'd encourage the authors to do everything it asks.
>>>>>>> 
>>>>>>> RFC 8061 goes along with RFC6830bis. It addresses data-plane confidentiality.
>>>>>> 
>>>>>> I haven’t read 8061 yet, but I probably should before continuing this thread.
>>>>>> 
>>>>>> I will say that I’m far less concerned about LISP header confidentiality than I am about LISP header integrity, given the opportunities for on-path meddling and off-path spoofing. If the common solution to both is something like sticking everything on the ITR-ETR path in IPSec then this is less of a concern.
>>>>> 
>>>>> Well RFC8061 does AEAD on the payload. All data *after* the LISP header.
>>>>> The encryption is a more integrated model than IPsec, so we can be more efficient by not using extra IP headers and extra control/key exchange protocols.
>>>> 
>>>> Okay, that's all well and good. The LISP header itself isn't integrity protected, though?
>>> 
>>> It is not, unless the outer UDP checksum is used. Which we suggest to be 0 and when NATs make it non-zero, ETRs ignore it.
>> 
>> Ah. Okay, so two things:
>> 
>> (1) By "integrity protection" I mean "cryptographic integrity protection", in the sense of "preventing on-path attackers or off-path spoofers from being able to influence ITR/ETR state through crafted LISP headers to the detriment of the traffic of others". Looking over 8061, it seems to only cover confidentiality of the data-plane payload, which is extremely useful but not sufficient to prevent these attacks.
> 
> Well at this point in the generation of LISP, the only text I think to mitigate LISP header corruption is to indicate that a LISP ITR can use an outer IPsec header if protection of the UDP and LISP headers need protection. Or is that not a strong enough statement?
> 
>> The attacks seem to be well enumerated in 6830bis, but the lack of a stated mitigation beyond "be careful" seems to suggest that the mitigation is "don't use LISP", which is of course less than desirable. I'm trying to understand whether the deployment scenarios envisioned for LISP make these attacks less likely (for instance, because the ITR/ETR path itself is generally cryptographically protected with its own outer tunnel), or whether this is something that this document (or a future companion to 8061) needs to worry about.
> 
> I think so because of 8061.
> 
>> (2) Checksums provide what I'd call "corruption protection". On "setting the outer UDP checksum to zero", please be aware that this may have undesirable interactions with IPv6 headers; see also section 3.4 (Checksum Guidelines) of 8085.
> 
> If we don’t go IPsec route, we go with the checksum route. What do you think? Meaning, that if LISP header protection is desiriable, use UDP checksums. 
> 
>> Thanks, cheers,
>> 
>> Brian
> 
> Thanks for the commentary and discussion,
> Dino
> 
>