[Anima-signaling] Fwd: Re: GRASP issue 52: Insecure instance text
Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 17 August 2016 22:44 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-signaling@ietfa.amsl.com
Delivered-To: anima-signaling@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 68B8612B074
for <anima-signaling@ietfa.amsl.com>; Wed, 17 Aug 2016 15:44:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3ZvglR5IM4lq for <anima-signaling@ietfa.amsl.com>;
Wed, 17 Aug 2016 15:44:04 -0700 (PDT)
Received: from mail-pa0-x244.google.com (mail-pa0-x244.google.com
[IPv6:2607:f8b0:400e:c03::244])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id A4AA912D5BF
for <anima-signaling@ietf.org>; Wed, 17 Aug 2016 15:44:04 -0700 (PDT)
Received: by mail-pa0-x244.google.com with SMTP id hh10so179394pac.1
for <anima-signaling@ietf.org>; Wed, 17 Aug 2016 15:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=subject:references:to:from:organization:message-id:date:user-agent
:mime-version:in-reply-to:content-transfer-encoding;
bh=oOoWheuoHci10QOsBADgkkjh/FsGg/4XFfkh56xXc0s=;
b=lwLFaRFRelFDZTwBx+rd3m0oOLxOlNiATuINqYR85kHBlGdxfpO/wmxufhyZ+ZJZ+k
hIiXEI7eNMUXHJYScaB6LBUifv7352JjSFzhfH6ARFLw2+eafRV/2d76R/z/NWq3scR3
iLOtwRBZqRvf8JQQnJL8b2gp176YTZJ3yy/jBW4a3Og4LvVWGEZVYZFIaURuhdSDvXOX
BBKDyh7DLbsUi62P4gTkHsEvv0PYuARA+EBBA309fMYFDG0poazRyVHr5WEI7aVv3LEO
Dc1XjGy3le15WjLeRsqmzHxWjT8MOFAWaM/zKuTTBuI3CwVeGR77fffekdilh9l9whfu
dJwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:subject:references:to:from:organization
:message-id:date:user-agent:mime-version:in-reply-to
:content-transfer-encoding;
bh=oOoWheuoHci10QOsBADgkkjh/FsGg/4XFfkh56xXc0s=;
b=M7W+xHjaixIHxYD5P4/y1Wv4dSrJd8pB5lJU2QrHGllGsHZPp1bXIo7jx/G5MvBQt1
bdeheov85pc+r9QJQW15JSB6uwi1NqLQChEJSXd9+srkMGrlsVTf9bLPefs8SABDH0xW
jJKbNDATNOWxNheqJUi0AslJXEXEe19guxJVVuLow7osDwx+225CHm6QLcMNFwrJi5XI
7w4IodyrdPHURY5y4ucACpQLHKPh1K0lWUpT/6qRKRv1ae2uxkKL/KUl7ZbKOAlwc+GV
55Zuw3CnLfvOZZOqjygYkMlNHYjcRD5ajtit2mwMQrzL3BlCkIWLUQQTUlFvNoOO1BUm
/RVg==
X-Gm-Message-State: AEkoouuzq2/v29AfmnMPD4bk9rx6hWMNUZZNQsHUcDx1EWn78+5Uxrh6iQUe5+E7EmYSTA==
X-Received: by 10.66.88.73 with SMTP id be9mr26872552pab.121.1471473844119;
Wed, 17 Aug 2016 15:44:04 -0700 (PDT)
Received: from ?IPv6:2406:e007:6d22:1:28cc:dc4c:9703:6781?
([2406:e007:6d22:1:28cc:dc4c:9703:6781])
by smtp.gmail.com with ESMTPSA id e72sm49589442pfb.49.2016.08.17.15.44.01
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 17 Aug 2016 15:44:03 -0700 (PDT)
References: <9d8a40ff-f646-c745-c77f-da4682704b21@gmail.com>
To: Max Pritikin <pritikin@cisco.com>,
Anima signaling DT <anima-signaling@ietf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
X-Forwarded-Message-Id: <9d8a40ff-f646-c745-c77f-da4682704b21@gmail.com>
Message-ID: <44fa4245-7c07-4175-c5fb-f1bff474e844@gmail.com>
Date: Thu, 18 Aug 2016 10:44:07 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <9d8a40ff-f646-c745-c77f-da4682704b21@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-signaling/vBXt471dADE7Kzo-_vWJBaSn7cU>
Subject: [Anima-signaling] Fwd: Re: GRASP issue 52: Insecure instance text
X-BeenThere: anima-signaling@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the signaling design team of the ANIMA WG
<anima-signaling.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-signaling>,
<mailto:anima-signaling-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-signaling/>
List-Post: <mailto:anima-signaling@ietf.org>
List-Help: <mailto:anima-signaling-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-signaling>,
<mailto:anima-signaling-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2016 22:44:15 -0000
Oops, I'm not sure Max will have seen this. Waiting for comments.
Brian
-------- Forwarded Message --------
Subject: Re: [Anima-signaling] GRASP issue 52: Insecure instance text
Date: Wed, 3 Aug 2016 14:42:02 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Toerless Eckert <eckert@cisco.com>
CC: Anima signaling DT <anima-signaling@ietf.org>
OK, here is what I got from Max's notes and the discussion with
Toerless. This is a new section proposed for the GRASP spec. (It also
covers Issue 49.) Comments?
Brian
3.3.2. Limited Security Instances
This section describes three cases where additional instances of
GRASP are appropriate.
1) As mentioned in Section 3.2, some GRASP operations might be
performed across an administrative domain boundary by mutual
agreement. Such operations MUST be confined to a separate instance
of GRASP with its own copy of all GRASP data structures. Messages
MUST be authenticated and SHOULD be encrypted. TLS is RECOMMENDED
for this purpose.
2) During initialisation, before a node has joined the applicable
trust infrastructure, [I-D.ietf-anima-bootstrapping-keyinfra], it is
impossible to secure messages. Thus, the security bootstrap process
needs to use insecure GRASP discovery, response and flood messages.
Such usage MUST be limited to link-local operations and MUST be
confined to a separate insecure instance of GRASP with its own copy
of all GRASP data structures. This instance is nicknamed DULL -
Discovery Unsolicited Link Local.
The detailed rules for the DULL instance of GRASP are as follows:
o An initiator MUST only send Discovery or Flood Synchronization
link-local multicast messages with a loop count of 1. A
responder MAY send a Discovery Response message. Other GRASP
message types MUST NOT be sent.
o A responder MUST silently discard any message whose loop count is
not 1.
o A responder MUST silently discard any message referring to a GRASP
Objective that is not directly part of the bootstrap creation
process.
o A responder MUST NOT relay any multicast messages.
o A Discovery Response MUST indicate a link-local address.
o A Discovery Response MUST NOT include a Divert option.
o A node MUST silently discard any message whose source address is
not link-local.
3) During ACP formation [I-D.ietf-anima-autonomic-control-plane], a
separate instance of GRASP is used, with unicast messages secured by
TLS, and with its own copy of all GRASP data structures. This
instance is nicknamed SONN - Secure Only Neighbor Negotiation.
The detailed rules for the SONN instance of GRASP are as follows:
o Any type of GRASP message MAY be sent.
o An initiator MUST send any Discovery or Flood Synchronization
link-local multicast messages with a loop count of 1.
o A responder MUST silently discard any Discovery or Flood
Synchronization message whose loop count is not 1.
o A responder MUST silently discard any message referring to a GRASP
Objective that is not directly part of the ACP creation process.
o A responder MUST NOT relay any multicast messages.
o A Discovery Response MUST indicate a link-local address.
o A Discovery Response MUST NOT include a Divert option.
o A node MUST silently discard any message whose source address is
not link-local.
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Max Pritikin (pritikin)
- [Anima-signaling] Fwd: Re: GRASP issue 52: Insecu… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Toerless Eckert
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Brian E Carpenter
- Re: [Anima-signaling] GRASP issue 52: Insecure in… Toerless Eckert
- [Anima-signaling] GRASP issue 52: Insecure instan… Brian E Carpenter