https://www.linkedin.com/posts/shulman_inter-domain-routing-connects-the-dif...
"We found that the current RPKI deployments are vulnerable - cyber criminals can disable RPKI in any network in the Internet. We evaluated such RPKI disabling attacks in the global Internet and found all the RPKI protected networks to be vulnerable. Often such attacks are extremely stealthy and do not trigger alerts. These attacks can be launched not only by governments, but also by cybercriminals and hackers. We are working with large network providers and registrars on mitigating the vulnerabilities in RPKI deployments. Nevertheless, until the RPKI in the global Internet is patched, we caution that the operators should use additional measures to ensure that they do not fall prey to prefix hijacks."
Hmmmm.
-Hank
Hank Nussbacher wrote on 18/02/2022 07:39:
We are working with large network providers and registrars on mitigating the vulnerabilities in RPKI deployments.
Has anyone from the RIPE NCC been in contact with this group?
Nick
Hi Nick,
On 18 Feb 2022, at 09:53, Nick Hilliard <nick@foobar.org> wrote:
Hank Nussbacher wrote on 18/02/2022 07:39:
We are working with large network providers and registrars on mitigating the vulnerabilities in RPKI deployments.
Has anyone from the RIPE NCC been in contact with this group?
Nick
No, we haven’t. This also sparked our curiosity, so we’re trying to contact them.
Kind regards,
Nathalie Trenaman
RIPE NCC
Hi all,
It might be the case that the vulnerability is in the realm of disagreement with some design choices of the past, rather than a traditional CVE hole in one or more software packages.
I found the following paper which touches upon the “assumed trust” aspect of RPKI in the relationship between Relying Party and Trust Anchor(s).
https://www.researchgate.net/publication/349045074_Privacy_Preserving_and_Re...
I’m very interested in discussion about cross-signing schemes.
Kind regards,
Job
On Fri, Feb 18, 2022 at 4:09 AM Job Snijders via routing-wg <routing-wg@ripe.net> wrote:
Hi all,
It might be the case that the vulnerability is in the realm of disagreement with some design choices of the past, rather than a traditional CVE hole in one or more software packages.
I'd certainly hope that it isn't that you can just spoof the valid origin AS...
I recently had someone come to me with this *shocking* discovery and ask about how to disclose it. This was the same person who alerted me to the also *shocking* discovery that longest-match wins, and so just twiddling local-pref doesn't save you.
W
I found the following paper which touches upon the “assumed trust” aspect of RPKI in the relationship between Relying Party and Trust Anchor(s).
https://www.researchgate.net/publication/349045074_Privacy_Preserving_and_Re...
I’m very interested in discussion about cross-signing schemes.
Kind regards,
Job --
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/routing-wg
-- Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place. -- Michael Padlipsky
Warren Kumari wrote on 18/02/2022 15:02:
This was the same person who alerted me to the also *shocking* discovery that longest-match wins, and so just twiddling local-pref doesn't save you.
Ye gods, do we have a CVE number for this?
Nick
No, we don't, because then we'd have to more widely disclose the issue. Needs to be handled under extreme secrecy and embargoed disclosure while we design a mitigation... :-p
W
On Fri, Feb 18, 2022 at 9:11 AM Nick Hilliard <nick@foobar.org> wrote:
Warren Kumari wrote on 18/02/2022 15:02:
This was the same person who alerted me to the also *shocking* discovery that longest-match wins, and so just twiddling local-pref doesn't save you.
Ye gods, do we have a CVE number for this?
Nick
-- Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place. -- Michael Padlipsky
I'd certainly hope that it isn't that you can just spoof the valid origin AS...
I recently had someone come to me with this *shocking* discovery and ask about how to disclose it. This was the same person who alerted me to the also *shocking* discovery that longest-match wins, and so just twiddling local-pref doesn't save you.
the next one will be the shocking discovery that route origin validation is not meant to deter malicious attack. and rov will not fix world hunger either. folk need to get a grip.
randy
Haya Shulman wrote on Linkedin:
The closely relevant developers are those of the different relying party implementations.
Looks like there's a good chance the disclosure process will be even more messed up than the last one.
Lukas
It could also be that all 5 RIRs have trust roots for 0/0, so if you get a different RIR to sign with a different origin (including AS 0), that network is going to be unreachable at a lot of locations.
Rubens
On Fri, Feb 18, 2022 at 7:09 AM Job Snijders via routing-wg <routing-wg@ripe.net> wrote:
Hi all,
It might be the case that the vulnerability is in the realm of disagreement with some design choices of the past, rather than a traditional CVE hole in one or more software packages.
I found the following paper which touches upon the “assumed trust” aspect of RPKI in the relationship between Relying Party and Trust Anchor(s).
https://www.researchgate.net/publication/349045074_Privacy_Preserving_and_Re...
I’m very interested in discussion about cross-signing schemes.
Kind regards,
Job
Hello!
On 2/18/22 9:54 AM, Nathalie Trenaman wrote:
Hi Nick,
On 18 Feb 2022, at 09:53, Nick Hilliard <nick@foobar.org> wrote:
Hank Nussbacher wrote on 18/02/2022 07:39:
We are working with large network providers and registrars on mitigating the vulnerabilities in RPKI deployments.
Has anyone from the RIPE NCC been in contact with this group?
Nick
No, we haven’t. This also sparked our curiosity, so we’re trying to contact them.
I also hadn't known about this before, so I'm trying to contact them as well. There is no info on what part of the RPKI infrastructure is affected and whether BIRD may also be vulnerable.
Maria
On 18/02/2022 10:54, Nathalie Trenaman wrote:
Hi Nick,
On 18 Feb 2022, at 09:53, Nick Hilliard <nick@foobar.org> wrote:
Hank Nussbacher wrote on 18/02/2022 07:39:
We are working with large network providers and registrars on mitigating the vulnerabilities in RPKI deployments.
Has anyone from the RIPE NCC been in contact with this group?
Nick
No, we haven’t. This also sparked our curiosity, so we’re trying to contact them.
Haya posted on her Linkedin posting (3 hours ago) "RIPE NCC is on our list" in response to Ivo Dijkhuis asking "Dear Haya, we would certainly appreciate an invitation to that workshop."
So I guess RIPE NCC needs to find out who within the NCC has been getting Haya's emails.
Regards,
Hank
Kind regards,
Nathalie Trenaman
RIPE NCC
Dear Hank,
On 18 Feb 2022, at 14:34, Hank Nussbacher <hank@interall.co.il> wrote:
On 18/02/2022 10:54, Nathalie Trenaman wrote:
Hi Nick,
On 18 Feb 2022, at 09:53, Nick Hilliard <nick@foobar.org> wrote:
Hank Nussbacher wrote on 18/02/2022 07:39:
We are working with large network providers and registrars on mitigating the vulnerabilities in RPKI deployments.
Has anyone from the RIPE NCC been in contact with this group?
Nick
No, we haven’t. This also sparked our curiosity, so we’re trying to contact them.
Haya posted on her Linkedin posting (3 hours ago) "RIPE NCC is on our list" in response to Ivo Dijkhuis asking "Dear Haya, we would certainly appreciate an invitation to that workshop."
So I guess RIPE NCC needs to find out who within the NCC has been getting Haya's emails.
As I stated this morning, no-one within the RIPE NCC has received Haya’s e-mails, or any e-mails from this research group regarding this research. This is why our Senior Security Officer Ivo Dijkhuis posted that message.
Kind regards,
Nathalie Trenaman
RIPE NCC
participants (9)
- Hank Nussbacher
- Job Snijders
- Lukas Tribus
- Maria Matejka
- Nathalie Trenaman
- Nick Hilliard
- Randy Bush
- Rubens Kuhl
- Warren Kumari