IETF Logo Mail Archive

Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-access-network-identifier-10: (with DISCUSS)

"Sri Gundavelli (sgundave)" <sgundave@cisco.com> Tue, 08 December 2015 23:06 UTC

Return-Path: <sgundave@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 836F31ACDDB; Tue, 8 Dec 2015 15:06:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.509
X-Spam-Level:
X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P17qp9Wkn_DW; Tue, 8 Dec 2015 15:06:40 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06A3C1ACDCD; Tue, 8 Dec 2015 15:06:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11708; q=dns/txt; s=iport; t=1449616000; x=1450825600; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=B1byD4esel8oRp2IqlbXPys77xGo21QVQts74rEz13I=; b=mzXD827NGzpULzT7L0hswmlTKIph+/y9EQvwpwb9gSO0/Ffbs+OpL7d9 km20whM+OgAJYPRZkw/CynxFZJ6uHhGFa6Dy4wOGPMum5Zzo+Nta8fmn4 az6niyh0v49AXzs8iTCq0SWb5VEyQlzKxDJbQ7w9a63Vg2/UM8vpB5Ibs E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D+AQB9YWdW/4wNJK1egm5MU3S7H4IaAQ2BboYOAoE/OBQBAQEBAQEBgQqENQEBBGsOEAIBCEYyJQIEDog0vxcBAQEBAQEEAQEBAQEBAQEbhlSDd4EGhDQOhHkFjSk5hRWDagGNO4FbhEOSXYNxAR8BAUKCDAUdFoFAhRdDgQcBAQE
X-IronPort-AV: E=Sophos; i="5.20,400,1444694400"; d="scan'208,217"; a="57248284"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2015 23:06:38 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id tB8N6cOa030526 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 8 Dec 2015 23:06:38 GMT
Received: from xch-aln-007.cisco.com (173.36.7.17) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 8 Dec 2015 17:06:37 -0600
Received: from xch-aln-007.cisco.com ([173.36.7.17]) by XCH-ALN-007.cisco.com ([173.36.7.17]) with mapi id 15.00.1104.009; Tue, 8 Dec 2015 17:06:37 -0600
From: "Sri Gundavelli (sgundave)" <sgundave@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: Ben Campbell's Discuss on draft-ietf-dhc-access-network-identifier-10: (with DISCUSS)
Thread-Index: AQHRMg0XXPN91JRVvUGo6pOE6Wj3ww==
Date: Tue, 08 Dec 2015 23:06:37 +0000
Message-ID: <D28C9CDC.1FA630%sgundave@cisco.com>
References: <D28C940C.1FA5DF%sgundave@cisco.com>
In-Reply-To: <D28C940C.1FA5DF%sgundave@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.8.151023
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.32.246.210]
Content-Type: multipart/alternative; boundary="_000_D28C9CDC1FA630sgundaveciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/FNBMhOI3UnVgQmgAaVF2DkXifeA>
Cc: "Bernie Volz (volz)" <volz@cisco.com>, "dhc-chairs@ietf.org" <dhc-chairs@ietf.org>, "draft-ietf-dhc-access-network-identifier.shepherd@ietf.org" <draft-ietf-dhc-access-network-identifier.shepherd@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-dhc-access-network-identifier.ad@ietf.org" <draft-ietf-dhc-access-network-identifier.ad@ietf.org>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, "draft-ietf-dhc-access-network-identifier@ietf.org" <draft-ietf-dhc-access-network-identifier@ietf.org>
Subject: Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-access-network-identifier-10: (with DISCUSS)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2015 23:06:43 -0000

Hi Stephen,

Thank you for your review. We probably addressed most of these issues as part of addressing Alissa's comments as there is overlap. Any case, please let us know if you are not happy with the changes.



(1) Did the DHC working group consider how this information,
when sent without adequate protection between relay and dhcp
server, could help in pervasive monitoring? If so, what was the
conclusion reached? We have seen http header field information
sent between infrastructure nodes being intercepted for that
purpose, so this has to be similarly at risk.  If the answer is
that this is only to be used within a single network operator's
setup (or a roaming arrangement) then that needs to be
justified (as practical) and, if it can be justified (I'm not
sure tbh), also made explicit.

[Sri] I believe this issue is now resolved after discussions with Alissa Cooper and the newly agreed text that introduces the "same operator" assumption.



(2) I had a DISCUSS on the draft that became rfc 6757 about
protection of this kind of data. In that context I think I was
assured that everything (in PMIPv6) was IPsec protected so it
was fine.  Why, in what we now know is a more threated
environment, is it ok to now have weaker protection when I was
assured then that IPsec was in fact quite usable in PMIPv6? I
think you maybe need to put in a MUST use IPsec requirement for
this to be as safe.


[Sri] No, its not. We are still identifying the information that is at risk in certain operating environments. We are also listing the tools that operator has their disposal as per the below text. The question is that determination on when the information is at risk, if its an operator call, or IETF call. I'm OK, but I will let Bernie and other DHCP experts comment on this MUST requirement.


   "In deployments where this information is considered secure
   and when such threat cannot be mitigated using IPsec [RFC4301] or
   other security protocols, then the administrators have to consider
   disabling the capability specified in this document on the DHCP
   entities."


(3) section 7: MAY store - this is possibly sensitive
information so you ought say that it SHOULD NOT be stored
unless needed, and if stored, SHOULD be deleted as soon as
possible. Storing sensitive information when not needed just
shouldn't be considered acceptable anymore I think - is that
reasonable?


[Sri] Ok.

Looking at RFC 7268, SSID (Network-Id-Name attribute) can be present in accounting records. So, this information is stored by network functions.



  *

I (strongly) support Alissa's DISCUSS and will be interested
in watching how that is resolved. Some of my DISCUSS points do
overlap though so from my POV feel free to mix'n'match the
discussions. Or to process first one then the other, whatever
you think is best.



[Sri] We resolved it; hope you are OK with the conclusion.


- RFC6757 defines exactly this for PMIPv6. That implies that
PMIPv6 should not be used to illustrate or motivate this, as
that problem is solved. Perhaps you would be better off if you
limited the scope of this to be used for networks that are some
kind of extension to PMIPv6 only? (You'd need to define what
kind I think.)

[Sri] I believe with all the text around "single operator", "IPsec" and other assumptions, I think we have resolved this issue.

Thanks for the reviews.

Regards
Sri

v2.23.0 | Report a Bug | By Email