Re: [dhcwg] IESG Discusses on draft-ietf-dhc-relay-server-security-04

"Bernie Volz (volz)" <volz@cisco.com> Thu, 20 April 2017 13:39 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: The IESG <iesg@ietf.org>, "dhc-chairs@ietf.org" <dhc-chairs@ietf.org>, "draft-ietf-dhc-relay-server-security@ietf.org" <draft-ietf-dhc-relay-server-security@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: IESG Discusses on draft-ietf-dhc-relay-server-security-04
Date: Thu, 20 Apr 2017 13:39:07 +0000
Message-ID: <b11b9d34fe4c4132b608e6b43e853252@XCH-ALN-003.cisco.com>
References: <36c922c04bee4233b58e5185f0a4f9ad@XCH-ALN-003.cisco.com> <CABcZeBMZPqvK-z+ef=M=6So9bL7WJfa-rXOdghVaXjYER2kTDA@mail.gmail.com>
In-Reply-To: <CABcZeBMZPqvK-z+ef=M=6So9bL7WJfa-rXOdghVaXjYER2kTDA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/mg0NqrVF_7w7Oal7xqvyiPx61o8>
Subject: Re: [dhcwg] IESG Discusses on draft-ietf-dhc-relay-server-security-04

Eric:

I can’t say whether anyone would actually do this.

On the one hand, NOT having this document may make it less likely that anyone would, so having the document COULD mean someone will make use of it.

I also think that there may be little to add to a server or relay implementation to do this since it may just require some “host” configuration – as in https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-ipsec-host2host.html. Thus the bar to implement is low – just requires some additional host configuration. Of course, it may be more difficult to deploy on relays (on routers)?

One reason that I think that this may not be used heavily (if at all) is that most of the relay to server communication is probably flowing in an operator’s infrastructure (data center) network and hence they likely have secured that infrastructure communication in general and thus the relay to relay / relay to server communication may be part of that – this may be the same path used to manage the relays, for example.


- Bernie
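
As an added illustration of the "host configuration" route mentioned above (this is not code from the draft, from the list, or from any vendor): a strongSwan ipsec.conf entry on a DHCPv6 relay that protects its exchanges with one server using ESP in transport mode, the approach the draft builds on (it was later published as RFC 8213). The addresses, the connection name and the pre-shared key are constructed placeholders.

```ini
# /etc/ipsec.conf on the relay (constructed example, strongSwan legacy syntax)
config setup
    # nothing special is needed for a single host-to-host policy

conn dhcpv6-relay-to-server
    keyexchange=ikev2
    type=transport            # host-to-host, no tunnel: relay and server talk directly
    left=2001:db8:1::10       # this relay (placeholder address)
    leftprotoport=udp/547     # DHCPv6 relay agents send from and listen on UDP 547
    right=2001:db8:1::1       # the DHCPv6 server (placeholder address)
    rightprotoport=udp/547    # DHCPv6 servers also use UDP 547
    authby=secret             # PSK for brevity; certificates scale better across many relays
    ike=aes128gcm16-prfsha256-ecp256!
    esp=aes128gcm16!          # AEAD ESP: encryption plus integrity, not NULL encryption
    auto=route                # install the policy now; cleartext matching it is dropped,
                              # so DHCP from a peer that skipped IPsec is not accepted

# /etc/ipsec.secrets (placeholder key; use a generated, per-pair secret)
# 2001:db8:1::10 2001:db8:1::1 : PSK "REPLACE-WITH-GENERATED-SECRET"
```

For DHCPv4 the same entry applies with udp/67 on both sides; on a router acting as relay the equivalent is the platform's own IPsec transport-mode policy, which is the harder deployment case the message raises.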

From: Eric Rescorla [mailto:ekr@rtfm.com]
Sent: Thursday, April 20, 2017 7:25 AM
To: Bernie Volz (volz) <volz@cisco.com>
Cc: The IESG <iesg@ietf.org>; dhc-chairs@ietf.org; draft-ietf-dhc-relay-server-security@ietf.org; dhcwg@ietf.org
Subject: Re: IESG Discusses on draft-ietf-dhc-relay-server-security-04

Hmm... I don't think this really resolves my concern, which is: is anyone going to actually do this.

I don't think that has to be in the draft, but I'd like to understand it.

-Ekr


On Wed, Apr 19, 2017 at 3:00 PM, Bernie Volz (volz) <volz@cisco.com> wrote:
Hi:

I've posted a -05 which tries to address the Discusses (except perhaps for Ben Campbell's about which I sent a separate email on 4/12). Please review and let me know if this helps or whether more changes are needed.

A new version of I-D, draft-ietf-dhc-relay-server-security-05.txt has been successfully submitted by Bernie Volz and posted to the IETF repository.

Name:           draft-ietf-dhc-relay-server-security
Revision:       05
Title:          Security of Messages Exchanged Between Servers and Relay Agents
Document date:  2017-04-19
Group:          dhc
Pages:          8
URL:            https://www.ietf.org/internet-drafts/draft-ietf-dhc-relay-server-security-05.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/
Htmlized:       https://tools.ietf.org/html/draft-ietf-dhc-relay-server-security-05
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-dhc-relay-server-security-05
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-relay-server-security-05

- Bernie Volz