Christian Huitema <huit...@huitema.net> wrote:
> How do you know that a specific URL is a rollback? It looks easy when
> the example says "revision1" and "revision2", but I am sure there are
> cases where you cannot tell by just looking at the URL. You may be able
> to download the "old" and "new" URL, and check the date of the
> signature. But then, please describe the process so implementers are
> not confused.

I've added some text to explain this rollback attack.

Attackers can only change the URL, they can't change the content of the file on the server, so I don't really have to worry about situations where the contents of the file have changed.

I agree that if we use HTTP links that an active on-path attacker on the Internet side of the MUD manager could substitute old files and old files. This could be done with a DNS poisoning attack. Use DNSSEC or use HTTPS links? I don't feel that explaining this attack is worthwhile, do you?

https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/pull/5/files

One problem with these small changes is that malware could still express a MUD file that was previously valid, but which should no longer be considered accurate. This is a rollback attack. This might result in the malware being able to reach destinations that turned out to be a mistake; a security fault.

In order to combat this, MUD managers SHOULD keep track of the list of MUD-URLs that they have successfully retrieved, and if a device ever suggests a URL that was previously used, then the MUD manager should suspect that it is a rollback attack. MUD managers are typically not particularly constrained, and while the list of URLs could grow without bound, it is unlikely to be a burden. A site with thousands of similar devices could keep a common list of URLs.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
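
The URL-history check proposed in the message above, as an added example (not code from the draft or from either correspondent). The class and function names, the `retrieve` callback, the URL normalisation, and the choice to treat a repeat of the most recent URL as normal are assumptions of this sketch; the URLs are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

NEW, CURRENT, SUSPECT_ROLLBACK, FETCH_FAILED = "new", "current", "suspect-rollback", "fetch-failed"


def canonical(url):
    """Normalise scheme/host case and the default HTTPS port (an assumption of
    this example) so a respelled old URL still matches the history."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if p.port and not (p.scheme == "https" and p.port == 443):
        host += f":{p.port}"
    return urlunsplit((p.scheme, host, p.path or "/", p.query, ""))


class MudUrlHistory:
    """Per-key, ordered list of MUD-URLs that were successfully retrieved.
    The key is a device identifier, or one shared key for a group of similar
    devices that keep a common list."""

    def __init__(self):
        self._seen = {}

    def check(self, key, url, retrieve):
        """retrieve(url) -> bool is a hypothetical callback standing in for
        fetching the MUD file and validating its signature."""
        u = canonical(url)
        seen = self._seen.setdefault(key, [])
        if seen and u == seen[-1]:
            return CURRENT               # device repeats the latest URL
        if u in seen:
            return SUSPECT_ROLLBACK      # superseded URL offered again
        if not retrieve(u):
            return FETCH_FAILED          # never record an unretrieved URL
        seen.append(u)
        return NEW


def demo():
    """Constructed sample URLs; every retrieval is assumed to succeed."""
    base = "https://mud.example.com/lightbulb/"
    h, ok = MudUrlHistory(), (lambda u: True)
    offered = [base + "revision1.json", base + "revision2.json",
               base + "revision2.json",
               "HTTPS://MUD.EXAMPLE.COM:443/lightbulb/revision1.json"]
    return [h.check("lightbulb-model-x", u, ok) for u in offered]
```

With a shared key, a device that legitimately still runs old firmware is flagged as well, so the verdict is a reason to investigate rather than proof of compromise.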