Re: Last Call: <draft-ietf-sidr-bgpsec-threats-06.txt> (Threat Model for BGP Path Security) to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 15:26 09-09-2013, The IESG wrote:
The IESG has received a request from the Secure Inter-Domain Routing WG
(sidr) to consider the following document:
- 'Threat Model for BGP Path Security'
  <draft-ietf-sidr-bgpsec-threats-06.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2013-09-23. Exceptionally, comments may be

I read this draft to find out whether we have met the enemy, and he is us [1].

The draft mentions PATHSEC in the Introduction section without explaining the term. I suggest using the following (edited) which is already in the Abstract:

  "The term PATHSEC is used to refer to any BGP path security
   technology that makes use of the RPKI."

According to Section 2 anyone or any thing can be an adversary. I would not use "threat" to determine "adversary" as motivation can change. I am not sure whether the average reader will understand the nuance. Please note that I am not suggesting any change.

In Section 3:

  'Hackers may be motivated by a desire for "bragging rights" or for
   profit or to express support for a cause.'

The above may be applicable for any person.

  "The staff could be motivated to do this based on political pressure
   from the nation in which the registry operates (see below)
   or due to criminal influence (see above)."

Wouldn't the profit angle also be applicable for registries? The above focuses on staff instead of the registry. Political pressure would apply for the organization (see definition of entity in Section 2).

  "Nations - A nation may be a threat.  A nation may control one or more
   network operators that operate in the nation, and thus can cause them
   to act as rogue network operators."

The are also network operators that operate outside the nation. That can be used to get the operator to act as a dishonest network operator outside the nation.

 "A nation may have a technical active wiretapping capability (e.g.,
  within its territory) that enables it to effect MITM attacks on
  inter-network traffic.  (This capability may be facilitated by
  control or influence over a telecommunications provider operating
  within the nation.)"

There is an emphasis that this (the nation) threat only applies within the territory. There is a sentence after the quoted text that the nation has the ability to take control in other countries. Would a reference to NSL be appropriate in that paragraph?

In Section 4.2:

  "False (Route) Origination: A router might originate a route for a
   prefix, when the AS that the router represents is not authorized
   to originate routes for that prefix.  This is an attack, but it is
   addressed by the use of the RPKI [RFC6480]."

Wouldn't the way to address the attack open the way for other attacks (see Section 3)?

In Section 4.5:

  "Some adversaries might effect an attack on a CA by violating
   personnel or physical security controls as well. The distinction
   between CA as adversary vs. CA as an attack victim is important.
   Only in the latter case should one expect the CA to remedy problems
   caused by a attack once the attack has been detected.  (If a CA
   does not take such action, the effects are the same as if the
   CA is an adversary.)"

I gather that the CA would have a CPS and that CPS would take into consideration the possible attacks and describe the measures to prevent them. The above looks at it from an after-the-fact perspective; i.e. once the damage is done, action is taken.

This draft is well-thought. There's a cryptography angle to one of the references. I wondered about the why for that reference.

Regards,
-sm

1. The explanation was that "each individual is wholly involved in the democratic process, work at it or no. The results of the process fall on the head of the public and he who is recalcitrant or procrastinates in raising his voice can blame no one but himself".




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]