On Nov 13, 2016, at 1:40 AM, Alvaro Retana (aretana) <aret...@cisco.com> wrote:
> C1. The reference to rfc7607 should be Informative.
Done (in -10 candidate source).
> C2. [Major] Security Considerations. I think that there is one consideration
> that should be mentioned in this section: Given that the largest value is
> preferred (2 = invalid), there is an attack vector where a router in the path
> (yes, even an internal router) can inject a community indicating that the
> route is invalid; the communities are not protected. This action could
> result in inconsistent routing or in even a DoS. I know the document is not
> explicit about what to do with the validation state (which is ok), but the
> clear intention (from rfc6811 and rfc7115) is that it will be used to make
> routing decisions. Please add some text about this potential issue.
I started to write something about this and then realized I don't understand
what you mean. At first I thought you were saying that an attacker that can
forge an OV community can bias route selection. While this is true of course,
it's also not unique to OV (Localpref has this property for example). It
probably wouldn't be hard to write a sentence to summarize this, if necessary.
However, you specifically refer to the invalid state: "a router in the path ...
can inject a community indicating that the route is invalid". This makes me
think you think there's something special about "invalid", and I don't know
what it is. You also say something about the sorting order, which I'm also not
sure why that would matter.
As far as I can tell, injecting "a community indicating that the route is
invalid" is kind of boring attack -- it just makes the route less likely to be
selected by the downstream router. The "bad" router could also just fail to
propagate the route at all ("underclaiming") making it flat-out impossible for
the downstream to select it, or could use any number of other path attribute
manipulations (Localpref, AS path, etc) to make the route less preferable. Are
you suggesting there is some fancier attack than this, or are you just asking
us to acknowledge BGP doesn't work very well in the face of an on-path attacker?
By all means, if anyone has text to send, do.
Thanks,
--John
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
