Hi all,
I think I found an issue with draft-ietf-sidr-bgpsec-protocol-13's
security guarantees. Apologies that I didn't catch this earlier, before
WGLC ended.
The security guarantee with the issue is in section 7.1, "For each AS
in the path, a BGPsec speaker authorized by the holder of the AS number
intentionally chose (in accordance with local policy) to propagate the
route advertisement to the subsequent AS in the path."
It appears that this guarantee will not always hold. Specifically, if
two non-adjacent ASes conspire, and they are separated by a sequence of
ASes that sign path data that they have not verified, then the
conspiring ASes can violate the guarantee. The ASes that signed path
data they didn't verify are behaving properly, since the spec says "In
particular, the BGPsec attribute SHOULD NOT be removed even in the case
where the BGPsec update message has not been that has not successfully
validated." I have not yet been able to come up with a practical attack
that uses this issue to do anything particularly bad, but I am concerned
that one might exist.
I think this problem might be fixed if we modify the protocol to sign
all of the preceding signed data (rather than just the immediate,
previous signature).
Thoughts?
--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
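To make the two signing arrangements the message contrasts concrete, here is an added Python model (not code from the draft, the author, or any BGPsec implementation). It assumes four constructed AS numbers from the documentation range, a constructed per-AS secret, and an HMAC as a stand-in for the ECDSA signature a real BGPsec router would produce. Mode "previous" signs the speaker's own segment plus the immediately preceding signature, as the message describes the draft; mode "all" signs the speaker's own segment plus every preceding segment and signature, the change the message proposes. Intermediate speakers forward without validating, and a validating speaker at the end recomputes the whole chain.

```python
import hashlib
import hmac

# Constructed stand-in signing keys (assumption: one secret per AS).  Real
# BGPsec signs with ECDSA P-256 keys bound to AS numbers by RPKI router
# certificates; an HMAC over the same bytes keeps the model offline.
KEYS = {64496: b"k-64496", 64497: b"k-64497", 64498: b"k-64498", 64499: b"k-64499"}


def sign(asn, data):
    """Stand-in for the AS's signature over `data`."""
    return hmac.new(KEYS[asn], data, hashlib.sha256).digest()


def segment_bytes(signer_asn, target_asn, prefix):
    """Fields every signature covers: the signer, the AS it sends to, the NLRI."""
    return f"{signer_asn}->{target_asn}|{prefix}".encode()


def signed_input(path, index, prefix, mode):
    """Bytes the AS at position `index` of `path` signs.
    "previous": own segment plus the immediately preceding signature.
    "all":      own segment plus all preceding segments and signatures."""
    signer, target, _ = path[index]
    own = segment_bytes(signer, target, prefix)
    if mode == "previous":
        prev = path[index - 1][2] if index > 0 else b""
        return own + prev
    preceding = b"".join(segment_bytes(s, t, prefix) + sig
                         for s, t, sig in path[:index])
    return preceding + own


def forward(update, signer_asn, target_asn, mode):
    """Speaker `signer_asn` appends its segment and signature without checking
    anything it received (the attribute is never stripped), then hands the
    update on to `target_asn`."""
    path = update["path"]
    path.append((signer_asn, target_asn, b""))          # placeholder signature
    data = signed_input(path, len(path) - 1, update["prefix"], mode)
    path[-1] = (signer_asn, target_asn, sign(signer_asn, data))
    return update


def validate(update, mode):
    """Validating speaker: (True, None) if every signature checks, otherwise
    (False, index of the first segment whose signature does not verify)."""
    path = update["path"]
    for i, (signer, _target, sig) in enumerate(path):
        expected = sign(signer, signed_input(path, i, update["prefix"], mode))
        if not hmac.compare_digest(expected, sig):
            return False, i
    return True, None


# Constructed path: 64496 originates, 64497 and 64498 forward, 64499 validates.
PREFIX = "192.0.2.0/24"
HOPS = [(64496, 64497), (64497, 64498), (64498, 64499)]


def build_update(mode, hops=HOPS):
    update = {"prefix": PREFIX, "path": []}
    for signer, target in hops:
        forward(update, signer, target, mode)
    return update


def honest_chain_valid(mode):
    return validate(build_update(mode), mode)


def tampered_chain(mode):
    """A later AS rewrites the origin segment's target after 64497 has signed;
    the validator at 64499 recomputes and rejects the chain."""
    update = build_update(mode)
    signer, _target, sig = update["path"][0]
    update["path"][0] = (signer, 64498, sig)
    return validate(update, mode)


def unverified_passthrough(mode):
    """Origin attaches a bogus signature; 64497 and 64498 sign over it without
    validating.  The downstream validator still sees the defect at index 0."""
    update = {"prefix": PREFIX, "path": [(64496, 64497, b"\x00" * 32)]}
    forward(update, 64497, 64498, mode)
    forward(update, 64498, 64499, mode)
    return validate(update, mode)


if __name__ == "__main__":
    for mode in ("previous", "all"):
        print(mode, honest_chain_valid(mode), tampered_chain(mode),
              unverified_passthrough(mode))
```

The validator checks each segment's signature directly against the signer's key rather than trusting the intermediate speakers, so a non-validating hop that signs over bad data does not hide it from a later speaker that does validate; `validate` reports the index of the first segment that fails, which is the origin in both constructed cases above.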