Re: [CCAMP] Stephen Farrell's No Objection on draft-ietf-ccamp-flexi-grid-fwk-05: (with COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 09 August 2015 23:52 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 721161B2CB8; Sun, 9 Aug 2015 16:52:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uXtwSabsWfiN; Sun, 9 Aug 2015 16:52:36 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8207F1B2CB7; Sun, 9 Aug 2015 16:52:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D2341BE4D; Mon, 10 Aug 2015 00:52:34 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PGSn-vZR-Jh9; Mon, 10 Aug 2015 00:52:33 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.29.218]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D68CDBE33; Mon, 10 Aug 2015 00:52:32 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1439164353; bh=gF5hdjXMQDYBtCCZLLXlnMduzM86Cxlwmpeuq82iLGY=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=F/SuFMpXzLDPKwqdSbXzAwKBPyU74kbHC0sDgfGYrTuIJEYnNbrqmnHFUBglnzORr M3WFSGj/9YGCMXAdcj33MGuWtPz9+Q88orBqcHllkcwZWkwsA8EX7HjQX+AwEfDbOM vfaQB3qBzLPSiwFO6/ciEx2egTTbP/Q3gxCgHCP0=
Message-ID: <55C7E7C0.10506@cs.tcd.ie>
Date: Mon, 10 Aug 2015 00:52:32 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: adrian@olddog.co.uk, 'The IESG' <iesg@ietf.org>
References: <20150805220817.431.69640.idtracker@ietfa.amsl.com> <022401d0d2b4$aebe55c0$0c3b0140$@olddog.co.uk>
In-Reply-To: <022401d0d2b4$aebe55c0$0c3b0140$@olddog.co.uk>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ccamp/phYVqe89VQHVlzwjuTRQR9obW1k>
Cc: draft-ietf-ccamp-flexi-grid-fwk.ad@ietf.org, ccamp-chairs@ietf.org, ccamp@ietf.org, draft-ietf-ccamp-flexi-grid-fwk.shepherd@ietf.org, draft-ietf-ccamp-flexi-grid-fwk@ietf.org
Subject: Re: [CCAMP] Stephen Farrell's No Objection on draft-ietf-ccamp-flexi-grid-fwk-05: (with COMMENT)
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Aug 2015 23:52:39 -0000
Hiya, On 09/08/15 16:04, Adrian Farrel wrote: > Stephen, > > Thanks for not placing a Discuss. No problem. Had there been specific issues I had to raise, it would have been a discuss. In this case, I had neither the time to explore sufficiently nor enough background on this topic, as you point out. But frankly I think your criticism of my criticism is off the mark. The point I made was that the lack of any evidence of a security analysis having been done is unimpressive. That remains the case. The examples were not claimed to be problems that need fixing but questions about which one ought wonder when doing this kind of thing. (As an aside, I don't think kite-flying is a reasonable description of that, and I note that you don't say that any of the possible issues I mentioned have in fact been considered.) As to whether my approach of honestly expressing my genuine disappointment is the most productive, you do make a fair point. In my partial defence, it is the case that I and others recently had quite a difficult time dealing with a discuss on another routing architecture document that suffered from what appeared to me to a similar lack of security analysis, but nonetheless that ought not have influenced my comment here. My apologies to the authors/WG for that. OTOH, it is a couple of decades past the time when doing basic security analysis is expected as part of engineering good practice in IT. I see no reason at all why routing should be some kind of exception there. But I will really be delighted if someone sends me a link to the WG archive where I find that all that work has in fact been done but simply resulted in there being nothing much new to mention. Cheers, S. > >> - (Nearly a discuss) Section 7 refers back to RFC5920 >> (from 5 years ago) and RFC6163 (presumably the 3 paragraph >> section 7) and also claims that there is "no substantial >> reason to to expect the security considerations to be any >> different." That's pretty unimpressive to be honest. Don't >> you think it'd be reasonable to expect that a new >> architecture, framework and set of protocols for high >> speed networks should today include a thorough security >> and privacy analysis done afresh and not simply referring >> back to previous work? For example, is it not likely that >> in some cases new IGP security primitives might be needed, >> or that virtualisation and data centre trends would mean >> that some additional isolation between different folks' >> data was desirable or that some kind of automated key >> management be finally required to be included from the >> start of the design of any new control plane? (This isn't >> a discuss as it's probably better to hold that kind of >> discussion for a next stage when some architecture or >> protocols are defined.) > > I find your kite-flying tiresome in the extreme! > If you have specific issues or concerns that you can see need to be addressed > then please do raise them. > If you know of people who are control plane experts who believe that the > security of the GMPLS control plane has degraded or that new vulnerabilities > exist please do get them to engage on the TEAS working group mailing list > because those concerns will likely apply across all uses of GMPLS. > If you are aware of vulnerabilities in this new data plane you should make sure > that ITU-T SG15 is informed so that they can fix them and, at the same time, we > can look at how the control plane might be used to circumvent these issues. > > But "is it not likely that in some cases new IGP security primitives might be > needed?" is a meaningless question without details. What cases have you in mind? > Why is a flexi-grid more in need of such security primitives than another > network? Why would the addition of such security primitives not be a generic > addition to GMPLS or even to the native IGP? In short, if you believe that new > IGP security primitives are needed you need to hurry to the OSPF and ISIS > working groups and ensure that those primitives are made available since their > applicability is surely wider than one particular data plane technology. > > And you ask "or that virtualisation and data centre trends would mean that some > additional isolation between different folks' data was desirable?" Is isolation > a data plane feature? Are you concerned that there might be leakage between one > lambda slot and another? You do realise that the V in VPN means "virtual" and > that the packets all get jumbled up in one great big friendly Internet? Or do > you believe that the "additional isolation" should apply to the control plane as > well? And lastly, while optical data center connections are growing in > popularity, we may be a short distance yet from a flexi-grid data center with a > GMPLS back plane. > > And lastly you ask "or that some kind of automated key management be finally > required to be included from the start of the design of any new control plane?" > And who could argue with this except to note that no "new control plane" is > being designed (which is why all the references to GMPLS etc. are made). The > fact is that a flexi-grid network is not substantially different from a lambda > network dating back 15 years. There are some minor differences in how the > optical spectrum is chopped up and this makes for very interesting economic > benefits achieved through flexibility and through maximal use of resources. But > the control plane modifications to turn a GMPLS control plane for an old-style > lambda network into a GMPLS control plane for flexi-grid network are small. > This is not a new control plane. > > So, when you say "Don't you think it'd be reasonable to expect that a new > architecture, framework and set of protocols for high speed networks should > today include a thorough security and privacy analysis done afresh and not > simply referring back to previous work?" I am bound to respond, yes, but I do > think it reasonable for an AD to read and understand a document before > commenting. This is not the new architecture or set of protocols that you claim > it to be, and the network is not of higher speed (necessarily) than what has > gone before. > > > Don't get me wrong. I think it is great that a Security AD worries about the > security present in our toolbox of routing and signaling protocols. But I think > you are aiming your worries entirely wrongly. The result of your poor aim is > that: > - you simply build resentment to any discussion of security > - you do not find the people who should be doing this work > - your concerns are lost because they are not heard > > Can I suggest that you hold a BoF in Yokohama entitled "Security of the Routing > and Signaling Infrastructure". You can invite to this meeting the relevant > routing experts, and you can arrange for presentations from the security experts > who can show what the problems are. > > There now. I have now spent much longer responding to your Comment than you > spent typing it. I am also much less inclined to listen the next time you have a > security concern about any of my documents. In short: a poor job done badly. > > Thanks, > Adrian >
- [CCAMP] Stephen Farrell's No Objection on draft-i… Stephen Farrell
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Adrian Farrel
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Adrian Farrel
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Stephen Farrell
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Stephen Farrell
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Kathleen Moriarty
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Kathleen Moriarty
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Ramon Casellas