[i2rs] draft-mglt-i2rs-security-environment-reqs-00 Thoughts on AAA

Jeffrey Haas <jhaas@pfrc.org> Thu, 27 August 2015 21:30 UTC

Date: Thu, 27 Aug 2015 17:33:44 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: i2rs@ietf.org
Message-ID: <20150827213344.GF19039@pfrc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/lKfGnCY0ycL91z71TMJTjbcnabw>
Subject: [i2rs] draft-mglt-i2rs-security-environment-reqs-00 Thoughts on AAA

I have some contrary thoughts on the AAA section of this document.

Section 4.1 tries to describe requirements wherein the I2RS Clients may
request subsets of AAA policy to be exported to the Client so that the
Client may enforce them.  While this seems like a nice way to scale the
operations, in some cases disclosing those policies (even if we find a good
way to encode the AAA validation in a generic enough way to distribute) may
accidentally disclose information that is otherwise intended to be secure.

I would seek comment from the security directorate, but I suspect we don't
want to do this.

But in section 4.4, we try to discuss availability.  The first sentence
immediately says "enforcement should not remain local", while one way to
enable security in some environments is to distribute and synchronize policy
to be enforced locally.  

It then goes on to talk about general availability mechanisms and then we
further dive into security against DoS.

I believe we may be boiling the ocean a bit to try to go into too many
details about the design of secure AAA systems.  It seems a bit out of scope
for I2RS to do such work; we should defer to work done elsewhere on the
topic, if it exists.  If it doesn't exist, I'm not sure we should do it.

What is right for us to point out is, "If we use a remote AAA mechanism, it
must be robust in hostile environments".  Expand that as you will, but being
too proscriptive is not our job.

-- Jeff