IETF Logo Mail Archive

Re: [Dots] Eric Rescorla's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 22 February 2019 11:42 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0985B12DD85; Fri, 22 Feb 2019 03:42:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oPOMy3p5ojGt; Fri, 22 Feb 2019 03:41:59 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC5BA1277CC; Fri, 22 Feb 2019 03:41:58 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1550835583; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:x-originating-ip: x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-exchange-diagnostics: x-microsoft-antispam-prvs:x-forefront-prvs: x-forefront-antispam-report:received-spf:authentication-results: x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=tQeH398KHL5BXKyeXeZgaYzeN8aaFJUuMum4BZ dsY78=; b=osNgsyHBZ1FVH0tBFvi3qC9UPKo09+auXPgTdRDS gE3dJG8XNFkuvRGt8HiDpv8M2F46RomtcDEbcUcAoQ2kQcuo7T h/jFK0zRZdvASS1sUc62nHz40FsB6pWxxTmksoo1GrfzhD6Onp 23tYlWYDvIjUrE8h7PB7QOe0yae8czw=
Received: from DNVEXAPP1N04.corpzone.internalzone.com (unknown [10.44.48.88]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 2098_cb0d_c3e84a10_760a_4f2e_a356_1d385da24152; Fri, 22 Feb 2019 04:39:43 -0700
Received: from DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 22 Feb 2019 04:41:48 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Fri, 22 Feb 2019 04:41:48 -0700
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (10.44.176.241) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 22 Feb 2019 04:41:47 -0700
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2821.namprd16.prod.outlook.com (20.178.233.211) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.15; Fri, 22 Feb 2019 11:41:47 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::9c48:452b:e39c:ef39]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::9c48:452b:e39c:ef39%2]) with mapi id 15.20.1622.020; Fri, 22 Feb 2019 11:41:47 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>
CC: "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "frank.xialiang@huawei.com" <frank.xialiang@huawei.com>, Liang Xia <frank.xialiang@huawei.com>, "draft-ietf-dots-requirements@ietf.org" <draft-ietf-dots-requirements@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Eric Rescorla's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
Thread-Index: AQHUyfabISbEMvRzDk6nelzTde89MqXrVJcw
Date: Fri, 22 Feb 2019 11:41:47 +0000
Message-ID: <BYAPR16MB27907AFCEC70695076EFD2B9EA7F0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <155076138334.8654.4433425046363509880.idtracker@ietfa.amsl.com>
In-Reply-To: <155076138334.8654.4433425046363509880.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [49.37.201.107]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 768c092f-a13e-4c96-ac40-08d698baba01
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2821;
x-ms-traffictypediagnostic: BYAPR16MB2821:
x-ms-exchange-purlcount: 3
x-microsoft-exchange-diagnostics: 1;BYAPR16MB2821;23:XkGqo7F75aBqAVrDjlYY5zKAhl6tQcVBiyoysweawW4MgYn6Rl69mvjVW4aU2vmU3C3hIwJbsisomh4vVFbNGtqpt4DkCRrP5xlIMcWRYpgE58HTJd8KPrQbjfnZoKqiwtu/gHhgl0WO5ZDBkpi+5VepXQsEeeNhKQjIhdUp0K/pR4MRI/W50HZ4pG5qvLyceB+6J75xL+KDWn/AlomU4NxGsvLYm+fJUgNO94Orco6nS6jzpUE6oQQPWCGNSliysUD7lLQShJHQsEmNVjaQ7do7oZxo0kNGtnE6nrgEJ7HqR9+OIi4x6sHFSF+8El7Aii5NvXJFofpTbw+DlLi444GZUXR9Um3AwLuhWuqWWKamNp/YzjJI5R19Imq4Q223coRm3QfheYk2IbkCZfsD18lazfjQYBCO3Ncn9bHp5TDbN/Aqr60c05oxpLPsDaw7Tjo+IkPaACA0Fw/KEwrIYwnnD85ynP2fcyYJi1KK77piCf8UzQlZwUuSbvllBPpf2+NvcPbPw4zKX2XgNUJ559LI55+Wm0ayiHCQQlH/ZwTynnWxjyaF/lp1edbwyB5Hdop7LsWa0eZc34dFQe8Y5HtjjlDfRL0FElW9H0ux6Nae7YrtkBTIMSEaaH/obWefJGpAt9jqY5bv1ZwNi4Dyzwp0Swt+ssSPJfPIsH+PjoTxrWLsvQh07z1prHdbWPRFAyVgxQvXEXJEa/WdNFq/icyGnRGO6fB2KfS6c5Wl5ydX3NC41sE6V58Sfs76Nz5PPHcgLwtFfJYtFYqnQ+uCxXiyxDVi2TyNsnWvwf1XZ/hsIigvwAW6si/Rn4HIa2p0a9Btjoc0svb66bW6GlwUL7n8f3u06nC4fYW3vRtERWnJb/XFgp9V6IO3iyPeY0NKzJsMrjPK/ac1C9rjTGfZLmTgC6189DH8raCK22tIeVS5KkN0eoYjqQZlUQySmU6+KJt3pHM1Rz+DSAmhLD1ZyBKvwiWn1smvsAFhQYSJzWVtmlA7DO2TTssJrPnYjdtoqZgtmZW6b8U1PnQQecOHTqahJ52qlLzhjWHS3u5J6s7jVLVMGj0gFXE6UmDJ2SyBklGPsgTwzvocbPJC2VfKAtFk8zNEV5iSl1IyqJEiPM6u4o7zgF6d/4ojxpUAUSHbSvGXAfVVEWVOES9uiJoGhdXtYxUbuQhRffFaYPzLW5Ynf5PUBlUuF6f0BCgboaIa7k+pevohyyx4mBX8ZX9QvksGoQwScsi9bL0rQnd9RBJ66w+Wl4aotRLxtc2cd2qS5nEadC+ORVa5c5oMdwLJrHuMvJFs98Iszvc93Fq/Z3G+7RSMzNoxpDHWdSCN8jSC3QuCtmw4KVzgQ/HrdlJDMriO0DpCvV+xRoR6zkVN13ASaIBPw7CGctStZc4k5HLiXdMZY2y6sLUusPBGPDeOGQ==
x-microsoft-antispam-prvs: <BYAPR16MB28218DBF793A2724E9BF4CEBEA7F0@BYAPR16MB2821.namprd16.prod.outlook.com>
x-forefront-prvs: 09565527D6
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(396003)(39860400002)(366004)(376002)(346002)(13464003)(32952001)(199004)(189003)(5660300002)(33656002)(9686003)(7736002)(25786009)(305945005)(74316002)(81156014)(71200400001)(81166006)(53936002)(8676002)(76176011)(54906003)(110136005)(105586002)(8936002)(6306002)(71190400001)(66066001)(106356001)(316002)(7696005)(99286004)(55016002)(2906002)(229853002)(476003)(72206003)(11346002)(3846002)(486006)(6116002)(446003)(6436002)(80792005)(966005)(14454004)(5024004)(14444005)(256004)(53546011)(68736007)(6506007)(6246003)(97736004)(26005)(4326008)(478600001)(86362001)(102836004)(6346003)(186003)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2821; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: S/TROwwA9QfeMrH6fJsBEMw8SfOw9DbzizsBghskwE+Sxh5YAaTZJdlyp8RSq+sPUcqx+5ONf5yGgNas5dK4rJZz++oFOnksEzW9irDxT7qrLb6QrQxImJFTkw1bmWRQ/FWnBokAuxPvz6g3OztXTs7kAoZ5zKkyYSM975cf6QXMF0EFMU6LfW5hOxgNal88fhYrbt2LHjRN0ncGeR/JxhhYI6cJzBoG/SC28wMKcWy90SM/CGk3UgxcNi9g9yyq17bF1aQDWLt5MSnU+B4eiiY+bM1RrycEQKQDWkg+81KloIo06SaQwcKnsPRX37hgvnpStnjY4SoayDnOabOGKxUj3AgeHPy8PZZcasFMylH6mFjTzV/xVd7VqkTJNSo1t9w1OczhgrMbPH2GtdkRkrAQUQV94unA/1xkyNlBFmU=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 768c092f-a13e-4c96-ac40-08d698baba01
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2019 11:41:47.0564 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2821
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.3
X-NAI-Spam-Version: 2.3.0.9418 : core <6489> : inlines <7019> : streams <1813770> : uri <2800478>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/hCNKMzc0CvoJ_CsyyLcVhzxP82w>
Subject: Re: [Dots] Eric Rescorla's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 11:42:02 -0000

Hi Eric,

Please see inline

> -----Original Message-----
> From: Eric Rescorla <ekr@rtfm.com>
> Sent: Thursday, February 21, 2019 8:33 PM
> To: The IESG <iesg@ietf.org>
> Cc: dots-chairs@ietf.org; frank.xialiang@huawei.com; Liang Xia
> <frank.xialiang@huawei.com>; draft-ietf-dots-requirements@ietf.org;
> dots@ietf.org
> Subject: Eric Rescorla's Discuss on draft-ietf-dots-requirements-18: (with
> DISCUSS and COMMENT)
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is safe.
> 
> Eric Rescorla has entered the following ballot position for
> draft-ietf-dots-requirements-18: Discuss
> 
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dots-requirements/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Rich version of this review at:
> https://mozphab-ietf.devsvcdev.mozaws.net/D3543
> 
> 
> I only had a short time to read this, but I find myself confused about the
> COMSEC requirements here.
> 
> There is no COMSEC requirement for the signaling channel in S 2.2.
> DATA-002 requires a secure COMSEC protocol for the data channel.

Both signal and data channel require confidentiality and have the same data privacy and integrity requirements.

> SEC-001 and SEC-002 require "peer mutual authentication" and "message
> confidentiality, integrity, and authentication" according to "industry best
> practices". This doesn't seem to be a requirement which I can verify or
> evaluate. If "industry best practices" were to use raw TCP, would such an
> implementation be conformant.
> 
> I think what needs to be required here is cryptographic authentication of both
> sides and of the messages on both channels. 

Yes, both the protocols using (D)TLS to mutually authenticate both sides and the messages on both channels are encrypted.

> Generally I would prefer to require
> confidentiality on both, but I could maybe see an argument for why that wasn't
> needed.

Removed DATA-002 and updated security requirements to discuss confidentiality for both DOTS protocols.

   SEC-003  Data privacy and integrity: Transmissions over the DOTS
      protocols are likely to contain operationally or privacy-sensitive
      information or instructions from the remote DOTS agent.  Theft,
      modification, or replay of message transmissions could lead to
      information leaks or malicious transactions on behalf of the
      sending agent (see Section 4 below).  Consequently data sent over
      the DOTS protocols MUST be encrypted using secure transports 
      (like TLS and DTLS).  DOTS servers MUST enable means to prevent leaking
      operationally or privacy-sensitive data.  Although administrative
      entities participating in DOTS may detail what data may be
      revealed to third-party DOTS agents, such considerations are not
      in scope for this document.

> 
> DETAIL
> S 2.2.
> >         free to attempt abbreviated security negotiation methods supported
> >         by the protocol, such as DTLS session resumption, but MUST be
> >         prepared to negotiate new security state with the redirection
> >         target DOTS server.  The authentication domain of the redirection
> >         target DOTS server MUST be the same as the authentication domain
> >         of the redirecting DOTS server.
> 
> what is an "authentication domain"?

We are trying to say both the redirecting and redirected target DOTS server belong to the same administrative domain.

Modified the last line as follows:
The redirection DOTS server and redirecting DOTS server MUST belong to the same administrative domain.

> 
> 
> S 2.4.
> >      SEC-002  Message Confidentiality, Integrity and Authenticity: DOTS
> >         protocols MUST take steps to protect the confidentiality,
> >         integrity and authenticity of messages sent between client and
> >         server.  While specific transport- and message-level security
> >         options are not specified, the protocols MUST follow current
> >         industry best practices for encryption and message authentication.
> 
> This is not a verifiable conformance requirement

When the requirements draft is initially drafted, the WG wanted to select the current IETF best practices for encryption and message authentication of DOTS messages.  The DOTS WG has decided to use (D)TLS for signal channel and TLS  for data channel.  I can modify the text to say "current IETF best practices for encryption and message authentication" for both SEC-001 and SEC-002.


> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> S 2.1.
> >         proprietary DDoS defenses.  Future extensions MUST be backward
> >         compatible.  Implementations of older protocol versions MUST
> >         ignore optional information added to DOTS messages as part of
> >         newer protocol versions.  Implementations of older protocol
> >         versions MUST reject mandatory information added to DOTS messages
> >         as part of newer protocol versions.
> 
> MUST reject the information or MUST reject the messages.
> Conventionally, it's the latter.

Yes, modified the line as follows:
Implementations of older protocol versions MUST reject DOTS messages carrying mandatory information as part of newer protocol versions.

> 
> 
> S 2.2.
> >         discussed in [I-D.ietf-intarea-frag-fragile].  If the PMTU cannot
> >         be discovered, DOTS agents MUST assume a PMTU of 1280 bytes for
> >         IPv6.  If IPv4 support on legacy or otherwise unusual networks is
> >         a consideration and the PMTU is unknown, DOTS implementations MAY
> >         rely on a PMTU of 576 bytes for IPv4 datagrams, as discussed in
> >         [RFC0791] and [RFC1122].
> 
> I'm having trouble reading this text. You say above "MUST assume" and "MAY
> rely" here. Are you saying "send no more than 576" or "you can assume you can
> send at least 576 and we're not saying anything about the upper bound"

I have replaced the above lines with the text suggested by Suresh.

> 
> 
> S 2.2.
> >         active DOTS client has not requested mitigation, in order to
> >         control load.
> >
> >         Following mutual authentication, a signal channel MUST be
> >         considered active until a DOTS agent explicitly ends the session.
> >         During peace time, signal channel MUST be considered active
> > until
> 
> "peace time" is probably not the right word here. After all, my country might
> be at peace but still subject to a DoS attack

Added the following term to avoid confusion :
Peacetime: In DDoS, ‘peacetime’ refers to the period during which the target network is not under DDoS attack.

Cheers,
-Tiru

>

v2.23.0 | Report a Bug | By Email