Re: [Anima-signaling] GRASP issue 52: Insecure instance text
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 02 August 2016 20:52 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-signaling@ietfa.amsl.com
Delivered-To: anima-signaling@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 5FE4312D959
for <anima-signaling@ietfa.amsl.com>; Tue, 2 Aug 2016 13:52:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 2QSHJaoAn6b1 for <anima-signaling@ietfa.amsl.com>;
Tue, 2 Aug 2016 13:52:22 -0700 (PDT)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com
[IPv6:2607:f8b0:400e:c00::22e])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 61CAF12D8C5
for <anima-signaling@ietf.org>; Tue, 2 Aug 2016 13:52:21 -0700 (PDT)
Received: by mail-pf0-x22e.google.com with SMTP id x72so69806447pfd.2
for <anima-signaling@ietf.org>; Tue, 02 Aug 2016 13:52:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=subject:to:references:cc:from:organization:message-id:date
:user-agent:mime-version:in-reply-to:content-transfer-encoding;
bh=0uVjST5B2Y6n11bDhJpQ0fdGZSSv0uMaXpYl9ZNA8H0=;
b=TGIO40EasdsM7GReDap6V+EUfWLs7OrBmQ3w5QKTPMKBYaGV4L7bY/9ELbLgI+sPK9
TGS+Q0n+4UOAYU3loJn0NQAEP4FULV8EbdGBueSkPt4Batt5vugxD8TW0BONPndKpIwI
r0Vntv1Kc1k+pj2A4namSm/o+3PnGHAi7Ytkz8l+y5JJvJLEjNYT2KTI+wG3dm6g/lq9
XySm7OZDRv/EEAZyvEIoaJ01Gd3WW4ciBfuC290vPaYvGluDCs7fF2tL2QSVU991uD4g
F7OBQavZMCJyKqJ1E6Hzp+Xcr1MUOSbOt8zRRDlhGf/xcf6RA9p1UcPrKennOSXv2v87
iEHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:subject:to:references:cc:from:organization
:message-id:date:user-agent:mime-version:in-reply-to
:content-transfer-encoding;
bh=0uVjST5B2Y6n11bDhJpQ0fdGZSSv0uMaXpYl9ZNA8H0=;
b=QQX8sSW7DS7f1nBCMXIOlsMunMYZtv21nLuOHluyKPl6DzfxH21riRL8Fm5qpTkH23
1/FqGXuMxxaC1wXdXGoWJr/EOnycI94JSsbxDKwfcGT38CwcTRG1u28aOFwC+9S0F+Zf
sMUNT1ZVpxSS8L3bjcOKdBzUoEMSUDTkXFY4N8pdgiq1FUQuG/L8ua9LBlq66+lgn6qJ
sia7AXR+yXDMo3S9LsL1Uujyo0Kh5Kd9Z/qm8H34UpdvVhwAgKLMCUmbkeqijmLyTH5b
fWCA8hRvGPVt2uEsIhNwh6JPf3CcP6ZilENqlT/sm7wLy1uFKMPO0iVgZwD7aJhjhTUh
ctvA==
X-Gm-Message-State: AEkoout5H4pWTMB8bk5tg1fPqc+DOntIba7YnDDIz/33vBfeHVREw1gY7UAxr0LlD7GnNg==
X-Received: by 10.98.90.133 with SMTP id o127mr109049104pfb.61.1470171140783;
Tue, 02 Aug 2016 13:52:20 -0700 (PDT)
Received: from [192.168.178.23] ([118.148.76.250])
by smtp.gmail.com with ESMTPSA id y3sm6917350pfd.65.2016.08.02.13.52.18
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 02 Aug 2016 13:52:19 -0700 (PDT)
To: Toerless Eckert <eckert@cisco.com>
References: <fbc9727c-c4c0-1cd1-b015-382c33a5a90a@gmail.com>
<20160801092907.GV21039@cisco.com>
<96d3a8f9-eca8-ed02-eff2-a0f586e8bea3@gmail.com>
<20160802115436.GB21039@cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <93718cdd-4906-418b-ce5c-ef7113b51df4@gmail.com>
Date: Wed, 3 Aug 2016 08:52:22 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <20160802115436.GB21039@cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-signaling/Y85DzxVJT0pghFV_TRNuVl55oww>
Cc: Anima signaling DT <anima-signaling@ietf.org>
Subject: Re: [Anima-signaling] GRASP issue 52: Insecure instance text
X-BeenThere: anima-signaling@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the signaling design team of the ANIMA WG
<anima-signaling.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-signaling>,
<mailto:anima-signaling-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-signaling/>
List-Post: <mailto:anima-signaling@ietf.org>
List-Help: <mailto:anima-signaling-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-signaling>,
<mailto:anima-signaling-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2016 20:52:24 -0000
On 02/08/2016 23:54, Toerless Eckert wrote:
> On Tue, Aug 02, 2016 at 02:26:51PM +1200, Brian E Carpenter wrote:
>>> SONN - Secure Only Neighbor Negotiation
>>> For use when negotiating (securely) an ACP channgel:
>>> loopcount=1 only. All messages permitted.
>>
>> Does that really need to be a separate instance? It can be controlled
>> completely via the API.
>
> How ? How would i inhibit that anything but the ACP-negotiation (TBD) objective
> is going to be offered ? Lets assume inside the ACP the nodes do have
> a bunch of other objectives they offer.
When do you expect to use this instance? Only when a node initially joins
the ACP, or at any time (e.g. if a new link comes up)?
> Also: Assume i have between two ACP nodes two parallel links, and the nodes
> do have on both links the same link-local IPv6 addresses. For Objectives
> of the ACP instnce of GRASP i do not care about those link-local addresses,
> all ACP objectives should be bound to the routeable ULA off the AN node.
> But when setting up the ACP in parallel across both links, then that has
> to use the link-local addresses. Which would be overlapping.
Well, they should always be distinguished by the interface ID; that is always
available in the socket interface*. So I think you can have one instance that
handles all interfaces.
*However, the way you discover it is different in Posix and Winsock.
> This problem is solved for free when we define those ACP setup GRASP to be
> separate instances on every interface in the same way as the DULL (insecure)
> instances are.
Well, you still need to discover which interfaces you have, before you create
those instances. So I'm not convinced there is any benefit in one instance
per interface.
Rgds,
Brian
>
> Cheers
> Toerless
>
>> Regards
>> Brian
>>
>> On 01/08/2016 21:29, Toerless Eckert wrote:
>>> Maybe Max has more details, he did take some notes.
>>>
>>> >From my side:
>>>
>>> - Define different "Modes" of GRASP, where each Mode has
>>> specific limitation (or none). Every Instance of GRASP has a particular Mode:
>>>
>>> DULL - Discovery Unsolicited Link Local
>>>
>>> This is the "insecure" mode, aka: Only Unsolicited Link Local Discovery Response
>>> Messages are permitted. Loop Count = 1. No redirects are permitted.
>>>
>>> (i don't think we need to constrain the announcements further to only bootstrap
>>> proxy etc. This should be nicely reuseable for any similar announcements, not
>>> only bootstrap proxy).
>>>
>>> FULL - Instance inside ACP. No restrictions.
>>>
>>> SONN - Secure Only Neighbor Negotiation
>>> For use when negotiating (securely) an ACP channgel:
>>> loopcount=1 only. All messages permitted.
>>>
>>> Cheers
>>> Toerless
>>>
>>> On Mon, Aug 01, 2016 at 09:01:56AM +1200, Brian E Carpenter wrote:
>>>> Hi,
>>>>
>>>> Here's another issue for design team comments.
>>>>
>>>> I have a specific request from the bootstrap team to described in detail
>>>> what is allowed and disallowed in an insecure instance of GRASP. The idea is
>>>> that during bootstrap a separate instance of GRASP will run in its own memory
>>>> space, such that it cannot contaminate the normal secure instance. For example
>>>> it will have its own discovery cache. I will work on the text as soon as
>>>> possible, based on some input from Max Pritikin. Any input welcome.
>>>>
>>>> Regards
>>>> Brian
>>>>
>>>> _______________________________________________
>>>> Anima-signaling mailing list
>>>> Anima-signaling@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/anima-signaling
>>>
>
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Max Pritikin (pritikin)
- [Anima-signaling] Fwd: Re: GRASP issue 52: Insecu… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Toerless Eckert
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Toerless Eckert
- [Anima-signaling] GRASP issue 52: Insecure instan… Brian E Carpenter