Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

control: accepts beacons and path segment registrations from past or future #4538

Open
matzf opened this issue Jun 3, 2024 · 0 comments
Open
Labels
bug Something isn't working c/control i/learning op i/needs investigation Issues/proposals that need to be confirmed/explored

Comments

@matzf
Copy link
Contributor

matzf commented Jun 3, 2024

As far as I can tell from reading the control service code, there is no check that a beacon or path segment registration is from the distant past or future.
I've not yet attempted to verify this with a practical reproduction scenario.

Note that the lifetime of the path segment is enforced to be contained in the lifetime of the certificate signing the AS entry. As only certificates under an active TRC are considered, this somewhat limits the accepted range of timestamps (IIUC, a few days into the future, up to some months in the past).

Accepting a beacon or path segment with a timestamp in the past may be mostly benign; it won't have operational effects (I think), but it could potentially still be abused in attempts to falsify records that might be relevant to auditing.
Beacons/path segments with timestamp in the future will be inserted into the database, however, and will be preferred over current path segments. A temporary compromise or misconfiguration of a control service can thus "poison" all path databases with a path segment that is not yet valid.

When receiving beacons and path segment registrations, the control service should check that beacons / path segments that are currently valid. The check should account for some clock drift, on the order of the hop expiration granularity (~5.5 minutes), to ensure that we don't require finely synchronized clocks.

@matzf matzf added bug Something isn't working i/needs investigation Issues/proposals that need to be confirmed/explored labels Jun 3, 2024
@jiceatscion jiceatscion added i/good first issue Good for newcomers c/control i/learning op and removed i/good first issue Good for newcomers labels Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working c/control i/learning op i/needs investigation Issues/proposals that need to be confirmed/explored
Projects
None yet
Development

No branches or pull requests

2 participants