Re: [Anima-signaling] GRASP issue 52: Insecure instance text
Toerless Eckert <eckert@cisco.com> Tue, 02 August 2016 11:54 UTC
Date: Tue, 2 Aug 2016 04:54:36 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <20160802115436.GB21039@cisco.com>
References: <fbc9727c-c4c0-1cd1-b015-382c33a5a90a@gmail.com>
<20160801092907.GV21039@cisco.com>
<96d3a8f9-eca8-ed02-eff2-a0f586e8bea3@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <96d3a8f9-eca8-ed02-eff2-a0f586e8bea3@gmail.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-signaling/Jwo9DExfYb5Mx0h9CN76JO5yjpw>
Cc: Anima signaling DT <anima-signaling@ietf.org>
Subject: Re: [Anima-signaling] GRASP issue 52: Insecure instance text
On Tue, Aug 02, 2016 at 02:26:51PM +1200, Brian E Carpenter wrote:
> > SONN - Secure Only Neighbor Negotiation
> > For use when negotiating (securely) an ACP channel:
> > loopcount=1 only. All messages permitted.
>
> Does that really need to be a separate instance? It can be controlled
> completely via the API.
How? How would I inhibit that anything but the ACP-negotiation (TBD) objective
is going to be offered? Let's assume inside the ACP the nodes do have
a bunch of other objectives they offer.
Also: Assume I have between two ACP nodes two parallel links, and the nodes
do have on both links the same link-local IPv6 addresses. For objectives
of the ACP instance of GRASP I do not care about those link-local addresses;
all ACP objectives should be bound to the routable ULA of the AN node.
But when setting up the ACP in parallel across both links, then that has
to use the link-local addresses, which would be overlapping.
This problem is solved for free when we define those ACP-setup GRASP instances to be
separate instances on every interface, in the same way as the DULL (insecure)
instances are.
Cheers
Toerless
> Regards
> Brian
>
> On 01/08/2016 21:29, Toerless Eckert wrote:
> > Maybe Max has more details, he did take some notes.
> >
> > From my side:
> >
> > - Define different "Modes" of GRASP, where each Mode has
> > specific limitations (or none). Every Instance of GRASP has a particular Mode:
> >
> > DULL - Discovery Unsolicited Link Local
> >
> > This is the "insecure" mode, aka: Only Unsolicited Link Local Discovery Response
> > Messages are permitted. Loop Count = 1. No redirects are permitted.
> >
> > (I don't think we need to constrain the announcements further to only bootstrap
> > proxy etc. This should be nicely reusable for any similar announcements, not
> > only bootstrap proxy).
> >
> > FULL - Instance inside ACP. No restrictions.
> >
> > SONN - Secure Only Neighbor Negotiation
> > For use when negotiating (securely) an ACP channel:
> > loopcount=1 only. All messages permitted.
> >
> > Cheers
> > Toerless
> >
> > On Mon, Aug 01, 2016 at 09:01:56AM +1200, Brian E Carpenter wrote:
> >> Hi,
> >>
> >> Here's another issue for design team comments.
> >>
> >> I have a specific request from the bootstrap team to describe in detail
> >> what is allowed and disallowed in an insecure instance of GRASP. The idea is
> >> that during bootstrap a separate instance of GRASP will run in its own memory
> >> space, such that it cannot contaminate the normal secure instance. For example
> >> it will have its own discovery cache. I will work on the text as soon as
> >> possible, based on some input from Max Pritikin. Any input welcome.
> >>
> >> Regards
> >> Brian
> >>
> >> _______________________________________________
> >> Anima-signaling mailing list
> >> Anima-signaling@ietf.org
> >> https://www.ietf.org/mailman/listinfo/anima-signaling
> >
--
---
Toerless Eckert, eckert@cisco.com