IETF Logo Mail Archive

Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)

Christopher Morrow <christopher.morrow@gmail.com> Sun, 01 November 2015 06:20 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 868941B684C; Sat, 31 Oct 2015 23:20:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id La_CJwKsV2ba; Sat, 31 Oct 2015 23:20:51 -0700 (PDT)
Received: from mail-yk0-x236.google.com (mail-yk0-x236.google.com [IPv6:2607:f8b0:4002:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E99151B685F; Sat, 31 Oct 2015 23:20:50 -0700 (PDT)
Received: by ykft191 with SMTP id t191so112323035ykf.0; Sat, 31 Oct 2015 23:20:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0qhe2oBjjOevtYzSyGAAkfR6V1Jvfo8Mm0RerZPxLZw=; b=uX4XzDNJsLNde/ZA6W2vhLsi61mlWZqqF+w2c4E+YIYKlAT8qabAHmlgOBcwwexA5X LtDtZCys2nnsk3t6394WFFfMTa7WXaGbHMUTRlI629RM/h+NtFfhWpLM7A6lLkkZHGft 47FQHe3dORkK8Crvk1qFEqRx17ceZR72fC67nyhYKmSdmE1tKirR+yM46507rJjpI9sE fmHSNFL1QTFMYf7vty5ZyXAet1FKGiEcflbL6seD7hD26O2AZg3kF6fpIfF/cYXUhIpI qzpcJY49M6WDeBHPSAxRoa05VTHoObZ0FMJfRVClNIoqkiK8PwHGZsWvjS+u28BOVVoR p1IQ==
MIME-Version: 1.0
X-Received: by 10.13.195.134 with SMTP id f128mr13711586ywd.45.1446358850278; Sat, 31 Oct 2015 23:20:50 -0700 (PDT)
Received: by 10.13.202.16 with HTTP; Sat, 31 Oct 2015 23:20:50 -0700 (PDT)
In-Reply-To: <20151014203537.GH28921@pfrc.org>
References: <20151014164401.10921.20308.idtracker@ietfa.amsl.com> <20151014203537.GH28921@pfrc.org>
Date: Sun, 01 Nov 2015 17:20:50 +1100
Message-ID: <CAL9jLab6tzKOz6g50pWh+kOi+8jhh9NM1ruC39xntpzcfQyK6A@mail.gmail.com>
From: Christopher Morrow <christopher.morrow@gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/wzZ2wb1S-utiAUHMTpqMLoEkEFQ>
Cc: draft-ietf-grow-bmp.ad@ietf.org, "grow-chairs@ietf.org" <grow-chairs@ietf.org>, "grow@ietf.org grow@ietf.org" <grow@ietf.org>, draft-ietf-grow-bmp.shepherd@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-grow-bmp@ietf.org, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [GROW] Stephen Farrell's Discuss on draft-ietf-grow-bmp-15: (with DISCUSS and COMMENT)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Nov 2015 06:20:52 -0000

Jumping in a bit late, but... (and only for this one point really)

On Thu, Oct 15, 2015 at 7:35 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>> Why is using TLS not a no-brainer for this?  Given the likes
>> of the Belgacom and Gemalto reports, I would love to

TLS is a great plan, now you have to:
  1) get certificates to devices (and keys)
  2) mint said certs from your internal CA (probably, maybe)
  3) update ca certificate data on devices and clients
  4) check AND FAIL WHEN BAD THINGS HAPPEN certs presented to clients

TLS is great, but its not simple in operational use especially if you
want to deal with the full lifecycle of the tls world.

The above only matters (really) for 'inside my span of control' bmp
monitoring (to my devices from my servers, etc), and doesn't apply in
a sane fashion to the 'public service' bmp providers.

>> understand why people are still willing to buy and sell
>> equipment without such basic features. The "explanation"
>> that nobody needs it or nobody provides it seems off base
>> here - this is new code and a new interface, and the

where's tcp/ao support in the vendor gear in the field?
where's tcp/ao support in even one popular unix derivative? windows?

I'd love to do AO for this and bgp and my ssh sessions and such...
but... there's zero support for a protocol that landed in RFC (where
are it's 2 competing implementations? how did it make it to Standard
without running code?) in june 2010.

>> relevant security protocols (SSH, IPsec and TLS) are all
>> nearly or more than 20 years old.

it's not clear that ssh is viable here, it's also clear that IPSEC is
fairly heavyweight and likely not in the code path for management /
control-plane traffic on devices, and TLS has it's host (above) of
lifecycle issues.

The security stuff is important, by verbiage alone, but by actually
useful code and standards? not so much.

The BMP draft says:
  "Where the security considerations outlined above are a concern, users
   of this protocol should consider using some type of transport that
   provides mutual authentication, data integrity and transport
   protection, such as IPsec [RFC4303] or TCP-AO [RFC5925].  If
   confidentiality is considered a concern, a transport providing that
   as well could be selected."

which actually seems spot on, despite my ranty-bits above.

is it time to lift the DISCUSS here? or can we go around the rosebush
again about how we would love better security in a world where we are
clearly not important enough to actually get better security by
default?

-chris

v2.23.0 | Report a Bug | By Email