
Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures



On 18.1.2008, at 5.32, Sandy Murphy wrote:
> > Considering the BGP+TCP-MD5 is considered 'secure enough' by the
> > people around these days, while it is in truth about as secure as
> > sending data in envelopes made of clear plastic, I don't think this
> > system needs to be more ambitious if it means orders of magnitude
> > worse performance.
>
> I lurk here occasionally, but I had to chime in on this one.
>
> TCP MD5 protects the links between routers.  It does nothing at all,
> de nada, zero, zip, about protecting what the routers
> say.  (What's more, it is cryptographically unsophisticated and
> outmoded.)

Yes.. This is what I was trying to point out, with a broken example.

Anyway, even with the admittedly broken key handling (static manual keying), broken protocol (replay attacks and such), and partially broken digest algorithm, it seems to be still working well enough. I haven't heard about any attacks against the BGP+TCP-MD5 really happening out there in the wild.

I'm not sure if this effort should aim for anything insanely complex and computationally expensive (a global CA hierarchy is typically an example of that - there is only one that has been really deployed), as that's unlikely to work out in practice, but the downside of any piggybacking scheme is that it _does_ need to be authenticated in some way, as it comes directly from a potentially untrustworthy source. Attacks using that mechanism (traffic redirection/DoS/blackholing) seem both more desirable and easier to implement in practice than attacks on BGP (which is unavailable to be attacked for most people, I suppose).

Conclusion? I'd prefer to keep piggybacking out of the picture altogether, if the security framework that it requires makes the solution more complex (and a CA hierarchy is typically a no-no if you want things to happen in the real world anyway).

Cheers,

-Markus




--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg