Christian Huitema <huit...@huitema.net> wrote:
    > How do you know that a specific URL is a rollback? It looks easy when
    > the example say "revision1" and "revision2", but I am sure there are
    > cases where you cannot tell by just looking at the URL. You may be able
    > to download the "old" and "new" URL, and check the date of the
    > signature. But then, please describe the process so implementers are
    > not confused.

I've added some text to explain this rollback attack.
Attackers can only change the URL, they can't change the content of the file
on the server, so I don't really have to worry about situations where the
contents of the file have changed.

I agree that if we use HTTP links, an active on-path attacker on the
Internet side of the MUD manager could substitute old files for new files.
This could be done with a DNS poisoning attack.  Use DNSSEC or use HTTPS links?
I don't feel that explaining this attack is worthwhile, do you?

https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/pull/5/files

  One problem with these small changes is that malware could still express a
  MUD file that was previously valid, but which should no longer be considered
  accurate.
  This is a rollback attack.
  This might result in the malware being able to reach destinations that turned
  out to be a mistake; a security fault.
  In order to combat this, MUD managers SHOULD keep track of the list of
  MUD-URLs that they have successfully retrieved, and if a device ever
  suggests a URL that was previously used, then the MUD manager should
  suspect that it is a rollback attack.
  MUD managers are typically not particularly constrained, and while the
  list of URLs could grow without bound, it is unlikely to be a burden.
  A site with thousands of similar devices could keep a common list of URLs.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
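The bookkeeping that the draft text above proposes, written out as an added example. This is not code from the draft, from the mailing-list authors, or from any real MUD manager. It assumes, as the draft suggests for sites with many similar devices, one site-wide list of successfully retrieved MUD URLs shared by all devices; it further assumes (my choice, not the draft's) that a device re-announcing the URL it is currently bound to is not a rollback, and it approximates the "small change" rule as "same scheme, same authority, same path up to the final slash" (a hypothetical rule for this example; the normative one is in the draft). The URLs and device names are constructed sample input.

```python
"""Toy MUD-URL history check against the rollback attack (added example).

Assumptions (mine, not the draft's):
  * one site-wide list of successfully retrieved URLs, shared by all devices;
  * the URL a device is currently bound to may be re-announced (e.g. after a
    reboot) without being a rollback; any *older* URL in the history is one;
  * "small change" approximated as same scheme, authority and directory
    (hypothetical rule; see the draft for the normative test).
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ACCEPT = "accept"        # new URL, fetch and validate it
UNCHANGED = "unchanged"  # device repeated its current URL
ROLLBACK = "rollback"    # URL seen before on this site: suspected rollback
REJECT = "reject"        # URL points outside the permitted directory


def _directory(url: str) -> tuple:
    """(scheme, authority, directory) used for the 'small change' test."""
    parts = urlsplit(url)
    directory = parts.path.rsplit("/", 1)[0] + "/"
    return (parts.scheme.lower(), parts.netloc.lower(), directory)


@dataclass
class MudUrlHistory:
    # Site-wide, append-only list of URLs whose MUD file was fetched and
    # validated. It grows without bound, which the draft judges acceptable.
    retrieved: list = field(default_factory=list)
    # Per-device binding to the URL currently in force.
    current: dict = field(default_factory=dict)

    def record_retrieved(self, device_id: str, url: str) -> None:
        """Call only after the MUD file at `url` was fetched and its
        signature verified; an unverified fetch must not enter the list."""
        if url not in self.retrieved:
            self.retrieved.append(url)
        self.current[device_id] = url

    def evaluate(self, device_id: str, proposed: str) -> str:
        """Decide what to do with a MUD URL announced by `device_id`."""
        cur = self.current.get(device_id)
        if cur == proposed:
            return UNCHANGED
        if proposed in self.retrieved:
            # Previously used on this site but not this device's current
            # URL: the draft says to suspect a rollback.
            return ROLLBACK
        if cur is not None and _directory(proposed) != _directory(cur):
            # Not a "small change" relative to the URL in force.
            return REJECT
        return ACCEPT


def demo() -> list:
    """Walk one device through two revisions, then a malware rollback,
    then a second device of the same model. Returns the decisions."""
    h = MudUrlHistory()
    rev1 = "https://example.com/mud/revision1.json"  # constructed
    rev2 = "https://example.com/mud/revision2.json"  # constructed
    out = []
    out.append(h.evaluate("dev-1", rev1))
    h.record_retrieved("dev-1", rev1)
    out.append(h.evaluate("dev-1", rev2))
    h.record_retrieved("dev-1", rev2)
    out.append(h.evaluate("dev-1", rev1))   # malware re-announces rev1
    out.append(h.evaluate("dev-1", rev2))   # reboot, same URL as before
    out.append(h.evaluate("dev-1", "https://evil.example/mud/r3.json"))
    out.append(h.evaluate("dev-2", rev1))   # same model, older firmware
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Note that the shared list also flags a brand-new device of the same model that still announces an older revision (the last case in `demo`), which is exactly what "a URL that was previously used" implies; a site that wants to tolerate that has to key the history per device instead, at the cost of losing the cross-device signal.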
