[Anima-signaling] 2 day last call on SONN constrained instance
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 12 December 2016 19:08 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-signaling@ietfa.amsl.com
Delivered-To: anima-signaling@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8689B129704 for <anima-signaling@ietfa.amsl.com>; Mon, 12 Dec 2016 11:08:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fsu1q-bDX6OF for <anima-signaling@ietfa.amsl.com>; Mon, 12 Dec 2016 11:08:39 -0800 (PST)
Received: from mail-pf0-x232.google.com (mail-pf0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A79CF1296C7 for <anima-signaling@ietf.org>; Mon, 12 Dec 2016 11:08:39 -0800 (PST)
Received: by mail-pf0-x232.google.com with SMTP id 189so13956489pfz.3 for <anima-signaling@ietf.org>; Mon, 12 Dec 2016 11:08:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=ChvcVWweEdFYLfoeFNftJE4StRsG43ab54j/+VWBbBY=; b=aAiXzUlZ/+KDDosOGSmGjIX40qRVtK6cVeqFp80DLRtq+cyvXCTz3T+rjb3yMkHM1O wV3a5wvreQtOd5PosaZCukzSe2X9Jn1pHV8FR0E2ZOqhVSoYQkm+LTqo+NYSdWNdqp2k /jbeDGjMrD5XWtoMGezR69SwiJ1Mv5+nyL/E5y7pczwjAhzuoOxcVyW/870RVUOmtjsq rJHLSkSp1/IPH7xFIJBjqLqMtTHWnhxyptDzK+1KsxYS+RRhBXf1kfblQqE5X1Deuryo CpPLOfpxb1ZRzYNAV8d/qX9zr10n+dzCS6v7qagbOAKC62rrDXGS/lSBpE3IFZkgBpt2 BtmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=ChvcVWweEdFYLfoeFNftJE4StRsG43ab54j/+VWBbBY=; b=SLL4fckK5KEA7FNs75w12GKs0StiIaopr04LVGk2GFEBmKr8YGJIgUKwKXV5t/Ea3V whiNEjOoBPkbzFXr0JAN5cxSiB7yay+LlGx12Nde+NRr3nfX0fdXTsISIqF+g3w4IgCT 2MjtODi/ENFbKVsVyoJHz9f3z8TUShyO283VGKtnDwLa4tt+CL4W799B6O9fThyNXrEO n8o9pglabLkd6Fr3wzArCtHkhDuWNzLykjgL+eloeq8XNWYmMryivkv0la61s4RW5Ujb WAMv5S2SDn7sjm4pGSbRQjL3aOPYbFMoKdmajrUyvdWhjeIyOMDx9QV7yeUYFH9Ve1QW wXRw==
X-Gm-Message-State: AKaTC03x6FANRlnU/Q2yuxgQudEcX3e2AV1MIPIQi1kYM13XXFLQ5/UbqJz3hzu/SqlY5w==
X-Received: by 10.99.170.79 with SMTP id x15mr169082222pgo.14.1481569718976; Mon, 12 Dec 2016 11:08:38 -0800 (PST)
Received: from ?IPv6:2406:e007:6fd6:1:28cc:dc4c:9703:6781? ([2406:e007:6fd6:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id x90sm77290713pfk.73.2016.12.12.11.08.37 for <anima-signaling@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Dec 2016 11:08:38 -0800 (PST)
To: Anima signaling DT <anima-signaling@ietf.org>
References: <d394fc61-edb7-eb3c-85fb-cd7c10fb2927@gmail.com> <2658.1480552478@obiwan.sandelman.ca> <d76de5d2-cf9f-09ef-653f-098d4c0a3ca0@gmail.com> <243c1ad6-47c4-9b19-1606-551a24fb0d8d@gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <b51e454e-da3f-64a9-8317-47ebffdb3791@gmail.com>
Date: Tue, 13 Dec 2016 08:08:39 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <243c1ad6-47c4-9b19-1606-551a24fb0d8d@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-signaling/Vuxjr6guTb-Sgfo7Ioz4jDoqOMY>
Subject: [Anima-signaling] 2 day last call on SONN constrained instance
X-BeenThere: anima-signaling@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the signaling design team of the ANIMA WG <anima-signaling.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-signaling>, <mailto:anima-signaling-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-signaling/>
List-Post: <mailto:anima-signaling@ietf.org>
List-Help: <mailto:anima-signaling-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-signaling>, <mailto:anima-signaling-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2016 19:08:41 -0000
Hi,
We need to move ahead with the GRASP draft. Therefore, I have reworked the
text in a way that doesn't remove the SONN description but does not make
it a requirement either. Please comment on the new version of the whole
section that follows. I'm going to take silence as consent 48 hours from now.
Regards
Brian
3.5.2. Constrained Instances
This section describes some examples of cases where additional
instances of GRASP subject to certain constraints are appropriate.
3.5.2.1. No ACP
As mentioned in Section 3.3, some GRASP operations might be performed
across an administrative domain boundary by mutual agreement, without
the benefit of an ACP. Such operations MUST be confined to a
separate instance of GRASP with its own copy of all GRASP data
structures. Messages MUST be authenticated and SHOULD be encrypted.
TLS [RFC5246] and DTLS [RFC6347] based on a Public Key Infrastructure
(PKI) [RFC5280] are RECOMMENDED for this purpose. Further details
are out of scope for this document.
3.5.2.2. Discovery Unsolicited Link-Local
Some services may need to use insecure GRASP discovery, response and
flood messages without being able to use pre-existing security
associations. Such operations being intrinsically insecure, they
need to be confined to link-local use to minimise the risk of
malicious actions. Possible examples include discovery of candidate
ACP neighbors [I-D.ietf-anima-autonomic-control-plane], discovery of
bootstrap proxies [I-D.ietf-anima-bootstrapping-keyinfra] or perhaps
initialisation services in networks using GRASP without being fully
autonomic (e.g., no ACP). Such usage MUST be limited to link-local
operations and MUST be confined to a separate insecure instance of
GRASP with its own copy of all GRASP data structures. This instance
is nicknamed DULL - Discovery Unsolicited Link-Local.
The detailed rules for the DULL instance of GRASP are as follows:
o An initiator MUST only send Discovery or Flood Synchronization
link-local multicast messages with a loop count of 1. A responder
SHOULD NOT send a Discovery Response message unless it cannot be
avoided. Other GRASP message types MUST NOT be sent.
o A responder MUST silently discard any message whose loop count is
not 1.
o A responder MUST silently discard any message referring to a GRASP
Objective that is not directly part of a service that requires
this insecure mode.
o A responder MUST NOT relay any multicast messages.
o A Discovery Response MUST indicate a link-local address.
o A Discovery Response MUST NOT include a Divert option.
o A node MUST silently discard any message whose source address is
not link-local.
GRASP traffic SHOULD be minimized by using only Flood Synchronization
to announce objectives and their associated locators, rather than by
using Discovery and Response. Further details are out of scope for
this document
3.5.2.3. Secure Only Neighbor Negotiation
Some services might use insecure on-link operations as in DULL, but
also use unicast synchronization or negotiation operations protected
by TLS. A separate instance of GRASP is used, with its own copy of
all GRASP data structures. This instance is nicknamed SONN - Secure
Only Neighbor Negotiation.
The detailed rules for the SONN instance of GRASP are as follows:
o Any type of GRASP message MAY be sent.
o An initiator MUST send any Discovery or Flood Synchronization
link-local multicast messages with a loop count of 1.
o A responder MUST silently discard any Discovery or Flood
Synchronization message whose loop count is not 1.
o A responder MUST silently discard any message referring to a GRASP
Objective that is not directly part of the service concerned.
o A responder MUST NOT relay any multicast messages.
o A Discovery Response MUST indicate a link-local address.
o A Discovery Response MUST NOT include a Divert option.
o A node MUST silently discard any message whose source address is
not link-local.
Further details, including TLS and PKI usage, are out of scope for
this document.
--
- [Anima-signaling] Next step on GRASP draft - feed… Brian E Carpenter
- Re: [Anima-signaling] Next step on GRASP draft - … Michael Richardson
- [Anima-signaling] SONN constrained instance Michael Richardson
- Re: [Anima-signaling] SONN constrained instance Brian E Carpenter
- Re: [Anima-signaling] Next step on GRASP draft - … Brian E Carpenter
- [Anima-signaling] Remove SONN constrained instanc… Brian E Carpenter
- [Anima-signaling] 2 day last call on SONN constra… Brian E Carpenter