[babel] Early review on draft-ietf-babel-dtls ...

Antoni Przygienda <prz@juniper.net> Wed, 26 September 2018 21:37 UTC

From: Antoni Przygienda <prz@juniper.net>
To: "babel-wg-chairs@ietf.org" <babel-wg-chairs@ietf.org>
CC: "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "babel@ietf.org" <babel@ietf.org>
Date: Wed, 26 Sep 2018 21:37:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/cKA2BYaRP08UPgPSeIWp7K-ci6A>

I have been selected to do a routing directorate “early” review of this draft.
https://datatracker.ietf.org/doc/draft-ietf-babel-dtls

Document: draft-ietf-babel-dtls
Reviewer: Tony Przygienda
Intended Status: STD
Summary:
Choose from this list...

  *   I have some minor concerns about this document that I think should be resolved before it is submitted to the IESG. Concerns are not defects but basically requests for some clarification in the document and reconsideration of minor issues.
Comments:

  *   Draft makes inherent sense, of significance for future work in the routing area IMO for other protocols if the security requirements for routing keep on tightening.

  *   I think that the draft will benefit from an explicit justification why a solution based on SHA-1 cannot satisfy the security profile desired. Reading the draft I assumed that the main requirement was confidentiality, which was incorrect. Discussions with the authors led to quite interesting insights that should be captured in the draft IMO.

  *   The section explaining that all the babel frames must be unicast with DTLS could benefit from a small rewrite to read easier.

  *   I recommend the authors to rethink whether they want to change base spec babel MTU by a hard offset. Even the DTLS can evolve in a backwards-compatible manner changing sizes. From experience with tunnels and routing protocols it may be better to just keep the original spec and imply that an implementation supporting DTLS has to deal with the according size overhead.

thanks

--- tony