Re: [CCAMP] Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)
Alvaro Retana <aretana.ietf@gmail.com> Fri, 01 December 2017 18:33 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 396CE127873; Fri, 1 Dec 2017 10:33:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P_S3bL_oRGYc; Fri, 1 Dec 2017 10:33:51 -0800 (PST)
Received: from mail-ot0-x242.google.com (mail-ot0-x242.google.com [IPv6:2607:f8b0:4003:c0f::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 982F712762F; Fri, 1 Dec 2017 10:33:51 -0800 (PST)
Received: by mail-ot0-x242.google.com with SMTP id j2so9791433ota.13; Fri, 01 Dec 2017 10:33:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=TJ15yTka8tEY3ZpftwtEoh9wVISp1Fomr7HC5YSflZQ=; b=QDk6mwjgppcWnN+qoFdbFR0/ksFnQMAKVtr0UUSbQciDACCgb5OBkqeJhRwrKhVtVg CnO7Ue23E1zW9lUyFbyzT8FNxJ3YbbFx7jJShfMJuTMUem/PA1OC1duW3R9dBxM6M/N6 Blg1vZjySxottKX0+V/0jNDKNFgmFIhoy41FW1FQo48G+0VHiSaWCIG2WqJhzSne1Sbt An6yR7/UfzjsSShC3MNy4PeEfK7IVc3M9APJ0POMW3we8C9G6py8DMcjIlyYy+cLX+U4 jVHI21h1qjXa8WiBFIehE6sIt7n4+5nIguvjs7EP/u57R3rjjYbjrsIakavGZ7m/7X4T vFsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=TJ15yTka8tEY3ZpftwtEoh9wVISp1Fomr7HC5YSflZQ=; b=RMruyO/032uCq87WQWVhVv2Qr8GhXDs+0N5bajYdA5yWRAUL10HtM1k30BmbaYQFQW 2cm+nMnrcSmlXhwIl0C1yE8vvm/DUsXVsVwpI/iFeIQGCH3anHR1y27KLorJZbhAkuqn BhjpDRj5eyjHXIOlDDJuxkDzZHWpuAr3wbqMYqUNTZwDOR4fj73GIigY6+PAppoQRKfl aGjWyWOOuDVCvEZX1ALa2+Zkno+dDT54CwlYwubin4kpLs3OuY/tV2hA2b2yhGXR24DC 1wXOET0pgB674GjXT/iR3M0o+toZOHgCQwVZoyNWZJs0AqI+NA2ASA8s1PeCyYLdNWo2 PRXA==
X-Gm-Message-State: AJaThX6CFJKJe299Zx+hnaGTG+HllHGNYgy5AHfz9eZJjeNtxQpvlhBL fs6JXc4nfa+o0WWW+pNK6U3i4C254ZK7t3qtFAM=
X-Google-Smtp-Source: AGs4zMYm7SWZLGRFfnD/5p+OWwg4Xi9qCeiT9xON/zwAFj3YFOy4QbOsiUSHR0DBZw8OEE5gfKls6fW2foumE5PKIMU=
X-Received: by 10.157.53.16 with SMTP id o16mr9095037otc.307.1512153230778; Fri, 01 Dec 2017 10:33:50 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 1 Dec 2017 13:33:50 -0500
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <F64C10EAA68C8044B33656FA214632C8881D7A8C@MISOUT7MSGUSRDE.ITServices.sbc.com>
References: <150766267307.13579.9907623355727477623.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FC7591FFA@DGGEMA501-MBX.china.huawei.com> <CAMMESszqT+Tj6iVg8SBdAsmC3hkX9N7WDsMqZLo98H4H50uwPQ@mail.gmail.com> <HE1PR0701MB2714C95C04A08482402C103FF0480@HE1PR0701MB2714.eurprd07.prod.outlook.com> <CAMMESszDqJCkWg1yrgjxAuLr+bKEZU=r+cP1Xsi3U5GKVeByhg@mail.gmail.com> <F64C10EAA68C8044B33656FA214632C8881D7A8C@MISOUT7MSGUSRDE.ITServices.sbc.com>
X-Mailer: Airmail (461)
MIME-Version: 1.0
Date: Fri, 01 Dec 2017 13:33:50 -0500
Message-ID: <CAMMESsw5y+EiUqNF3JQoxNQ-d6tJQRzb6hRxdMTHd49m8DHUJg@mail.gmail.com>
To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, "Yemin (Amy)" <amy.yemin@huawei.com>, "BRUNGARD, DEBORAH A" <db3546@att.com>
Cc: Fatai Zhang <zhangfatai@huawei.com>, "draft-ietf-ccamp-ospf-availability-extension@ietf.org" <draft-ietf-ccamp-ospf-availability-extension@ietf.org>, "ccamp-chairs@ietf.org" <ccamp-chairs@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a113dff2c2aa580055f4b9c9a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ccamp/Z3sFQ2zco_78lA-GsYMX8fmWWMg>
Subject: Re: [CCAMP] Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2017 18:33:55 -0000
Hi! This works for me. Thanks! Alvaro. On November 28, 2017 at 6:13:15 PM, BRUNGARD, DEBORAH A (db3546@att.com) wrote: Hi, I’ve been following this discussion, and as many aspects, I was not sure if the concern was about IP routing impacts, IP traffic routed on a GMPLS controlled transport network, or (multi-layer) computation impacts (TED). As the authors note, this text has been used over and over. I think when they were GMPLS-authored, it was to clarify GMPLS opaque LSAs are used for GMPLS-control not (“normal/SPF”) IP-routing decisions. Going forward, it may not be so clearly separated (e.g. multi-layer TED, SDN, whatever). I think this is Alvaro’s concern – the (computation) user impact? So the previous answer while true may not be the answer to the question which Alvaro is asking. How about we remove the sentence on the impact to IP routing? And add specifically the computation impact (e.g. RFC3630 wording): “This document specifies the contents of Opaque LSAs in OSPFv2. Tampering with GMPLS TE LSAs may have an effect on traffic engineering computations. [OSPF-TE] suggests mechanisms such as [OSPF-SIG] to protect the transmission of this information, and those or other mechanisms should be used to secure and/or authenticate the information carried in the Opaque LSAs.” Ok? Deborah *From:* iesg [mailto:iesg-bounces@ietf.org] *On Behalf Of *Alvaro Retana *Sent:* Tuesday, November 28, 2017 3:15 PM *To:* Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>; Yemin (Amy) < amy.yemin@huawei.com> *Cc:* ccamp-chairs@ietf.org; ccamp@ietf.org; Fatai Zhang < zhangfatai@huawei.com>; The IESG <iesg@ietf.org>; draft-ietf-ccamp-ospf-availability-extension@ietf.org *Subject:* RE: Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT) Daniele/Amy: Hi! Sorry for the long delay. In short — no, the proposed text doesn’t address my concern because I think that the extension being defined here can have an impact on routing. Let me try and make my point (about the Security Considerations) again: This document defines an extension that "can be used for route computation in a network that contains links with variable discrete bandwidth” — but "the use of the distributed information for route computation are [sic] outside the scope of this document”. IOW, the intent of the extension is to provide information that can be used to calculate routes, even if the document doesn’t say how to figure out those routes. The Security Considerations then says that "This document does not introduce security issues beyond those discussed in [RFC4203]…the extensions specified here have no direct effect on IP routing.” If the extension can be used for route computation, how can it have no direct effect on routing? Maybe we’re just talking about semantics from the point of view that OSPF is not using the extensions for IP routing (which is true), but someone will be! From the point of view of someone using the extension to calculate routes, then tampering/changing the LSAs could have an impact on the routing decisions, right? IOW, I think that (even if OSPF is not using the information itself) there’s a threat that can be realized from changing the contents of this extension that may result in inconsistent or incorrect routing. Looking closer at rfc4203, the information there can clearly also be used for making routing decisions — again, not by OSPF but by the consumer of the information. I can’t of course do anything wrt that text… In summary, I can see the point that the extension doesn’t cause issues for OSPF…but I think the document is incomplete if it doesn’t address the potential risk to the consumer of the information. In the end, these are non-blocking comments — I’ll defer to whatever you decide. Thanks! Alvaro. On October 13, 2017 at 8:52:45 AM, Daniele Ceccarelli ( daniele.ceccarelli@ericsson.com) wrote: Hi Alvaro, thanks a lot for your review, the text is being improved significantly. I just wanted to add a comment to the discussion on the security section. The text Amy is proposing is exactly the one you can find in RFC4203: This document specifies the contents of Opaque LSAs in OSPFv2. As Opaque LSAs are not used for SPF computation or normal routing, the extensions specified here have no direct effect on IP routing. Tampering with GMPLS TE LSAs may have an effect on the underlying transport (optical and/or SONET-SDH) network. [OSPF-TE <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4203-23ref-2DOSPF-2DTE&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=4800_ytNzwILzJb3et85wgOtdPOTzm0yCbl9yZl-DyQ&e=>] suggests mechanisms such as [OSPF-SIG <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4203-23ref-2DOSPF-2DSIG&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=hNtWEwh7IAyTvrWImp4G_2AyyWGt6yvE7ahmB5MCtLE&e=>] to protect the transmission of this information, and those or other mechanisms should be used to secure and/or authenticate the information carried in the Opaque LSAs. I might agree or disagree with your concern (actually tend to agree), but this is not an issue we can solve in this draft, since it is inherited by a previous RFC. This draft is only defining a new sub-TLV inside the ISCD tlv, like many other existing RFCs. We have the same reference in many existing RFC, like for example RFC7138. What RFC 7138 adds is a reference to RFC5920 that could work also in our case: Please refer to [RFC5920 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5920&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=YAVnSItSKY0WtdbyE6wpf-IRtecHLUUVgTHxQWCFaXg&e=>] for details on security threats; defensive techniques; monitoring, detection, and reporting of security attacks; and requirements. Would this solve the issue? Thanks Daniele *From:* Alvaro Retana [mailto:aretana.ietf@gmail.com] *Sent:* giovedì 12 ottobre 2017 18:40 *To:* Yemin (Amy) <amy.yemin@huawei.com> *Cc:* The IESG <iesg@ietf.org>; draft-ietf-ccamp-ospf-availability-extension@ietf.org; Fatai Zhang < zhangfatai@huawei.com>; ccamp-chairs@ietf.org; ccamp@ietf.org *Subject:* Re: Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT) On Wed, Oct 11, 2017 at 10:48 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote: Amy: Hi! 3) Where is this signaling defined? How does a node know that others support the Availability ISCD/LSA? The Interface Switching Capability Descriptor (ISCD) allows routing protocols such as OSPF and ISIS to carry technology specific information in the Switching Capability-specific information (SCSI) field. If a node received the Availability in the ISCD, it knows that the sender support Availability. Please add something like that, or point to the appropriate document. 4) Security Considerations, how about change the text as following: This document extends [RFC4203]. As with [RFC4203], it specifies the content of an Opaque LSAs in OSPFv2. As Opaque LSAs are not used for Shortest Path First (SPF) computation or normal routing, the extensions specified here have no direct effect on IP routing. Tampering with GMPLS TE LSAs may have an impact on the ability to set up connections in the underlying data plane network. Mechanisms such as [RFC2154] and [RFC5304] to protect the transmission of this information are suggested. As the additional availability information may represent information that an operator may wish to keep private, consideration should be given to securing this information. [RFC3630] notes that the security mechanisms described in [RFC2328] apply to Opaque LSAs carried in OSPFv2. An analysis of the security of OSPF is provided in [RFC6863] and applies to the extensions to OSPF as described in this document. Any new mechanisms developed to protect the transmission of information carried in Opaque LSAs will also automatically protect the extensions defined in this document. The text above (1) still says that the extensions have no direct effect on IP routing, and (2) don't address that threat. I think that the threat with tampering may not just impact the ability to set up a connection, but it may cause routing not to be correct: use a congested path or follow a path with not enough bw, etc.. It shouldn't result in 100% lost traffic, but the routing could definitely be suboptimal. Thanks! Alvaro.
- [CCAMP] Alvaro Retana's No Objection on draft-iet… Alvaro Retana
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Yemin (Amy)
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Alvaro Retana
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Daniele Ceccarelli
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Daniele Ceccarelli
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Alvaro Retana
- Re: [CCAMP] Alvaro Retana's No Objection on draft… BRUNGARD, DEBORAH A
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Alvaro Retana
- Re: [CCAMP] Alvaro Retana's No Objection on draft… Yemin (Amy)