IETF Logo Mail Archive

Re: [Idr] [secdir] Secdir early review of draft-ietf-idr-te-pm-bgp-13

Robert Raszuk <robert@raszuk.net> Fri, 19 October 2018 19:08 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9626B131103 for <idr@ietfa.amsl.com>; Fri, 19 Oct 2018 12:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 46_yX7gNaudd for <idr@ietfa.amsl.com>; Fri, 19 Oct 2018 12:08:07 -0700 (PDT)
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1CC51310B1 for <idr@ietf.org>; Fri, 19 Oct 2018 12:08:06 -0700 (PDT)
Received: by mail-qk1-x72d.google.com with SMTP id y8-v6so21642627qka.11 for <idr@ietf.org>; Fri, 19 Oct 2018 12:08:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=92VgnNQG6Nvb8HC/53uTAN9lNf9DVMprREZOoV6o56g=; b=bSLC7C27cn+nJsmgIQVDV9FCGK1d1bx0pxvKCZJh5ETOC7CDi/0NLvzG5kou3ZfRNg TnRQ7WqmXkgVMbY4Xob3+dSntv3P/mEDYwD+ldZGbXyCJIrHSO76Ao3QldoC0N7TBUjy CHluzfZq/ZQ68yHfx68v6j7Z84fnzjRXgLij8Ij9LyOW9WLCFd3+rR44hoYOZMiZGgih 5AZ5FaXAATkGapHU8f3Ycuds4VvpbDex7UcwoML0FO+/8M0k0g/dj6HFaMBZYlgsN9AK jF9wJGXp8h60p4MnRRe+64JNBAclGRbzvZ1j7BX63+mZENcMQHF7UIRz1pbdj6drn/Vs z1cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=92VgnNQG6Nvb8HC/53uTAN9lNf9DVMprREZOoV6o56g=; b=U3krS7pkPSbR5NLqid1CaYoWzZLENAxuNy81hnwtTmp3ZqSziIdoZC935LkwIns7yE imVwVOtrTCO1KrmybGs1cw/A9otc1nLX1BKo/bXClqk/NuAmVLM6cqjr2i0GYK5mnVuj V++GKR1D9a8nrn9vUqjf00jk4HhuAgGdlXJlkkNJTw/2uhKBKtaJrOReYK+qVWcMavLb 03anHYiEHo5DI9MnZrWREB6sQeMORDQ6lgC0h9/8YXnfvQKqdccMa2Eu5bhetk2jKinP 52rYi3rjOgtsGfMOvMb8mRGDA7JC0+6QQjsnAhKJIL3+8uZnoUT47sjLULOVZ/cp141F EaAw==
X-Gm-Message-State: ABuFfogU7V8ULjxxp0dX0AG1sAKoTrmqn/gC2ICytgELkmJu7Rd0SnIC iTqtdHQq88YFP3FgWSjtwvLbIzfDPqD8ZKsYLK5K+g==
X-Google-Smtp-Source: ACcGV62jACARDjYS3tBkUR4tYuA8HJlh1Glaa88tR80BUPUOTmHcCfm868VGX9w28q5ucL1D5ymPBqhNtwnIRlLqndY=
X-Received: by 2002:a37:9203:: with SMTP id u3-v6mr33219275qkd.72.1539976085804; Fri, 19 Oct 2018 12:08:05 -0700 (PDT)
MIME-Version: 1.0
References: <153972468642.9298.14442375581871750001@ietfa.amsl.com> <ec43e712e8024930831a206f8e843cbb@XCH-ALN-001.cisco.com> <7655493D-9EF0-42FF-B2D3-B9CE4E78178D@gmail.com> <feec42a72bd64f31afbcb3b340dad52b@XCH-ALN-001.cisco.com> <1FFA9449-D03C-4EB6-9D08-BA4A1AA93FE3@gmail.com> <92af26fef2da470d853f292c84f026a0@XCH-ALN-001.cisco.com> <20181019002642.GX19309@kduck.kaduk.org> <CAOj+MMH1=SBV=ikiNE6UHEe1mzf5xKLPOZXnnqPEvyFHTC=83A@mail.gmail.com> <00a601d467af$3c4b90f0$b4e2b2d0$@ndzh.com> <b718ffb671c446adb1666ad9f73f4f82@XCH-ALN-001.cisco.com> <028b01d467ce$402b2400$c0816c00$@ndzh.com>
In-Reply-To: <028b01d467ce$402b2400$c0816c00$@ndzh.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 19 Oct 2018 21:07:56 +0200
Message-ID: <CAOj+MMF-GO6FkLzU4Eh7MDnnOhqKtaSGNVLhGEUQCMKjCXi6qw@mail.gmail.com>
To: shares@ndzh.com
Cc: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, kaduk@mit.edu, idr@ietf.org, Yoav Nir <ynir.ietf@gmail.com>, secdir@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008ebf0a0578999f1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ctSlLIFBFbI2nJw8nhwByQV_kII>
Subject: Re: [Idr] [secdir] Secdir early review of draft-ietf-idr-te-pm-bgp-13
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2018 19:08:14 -0000

Hi Sue,

It seems that we have arrived here at a point that indeed further
discussion and clarification is needed.

Yes RFC7752 has issues in the way it is designed ... those issues are there
since day one.

Just to name a few:

* Point to multipoint protocol is used as a container to distribute point
to point information.
* Fate sharing separation is not enforced in any way and various address
families are send via the same BGP infrastructure
* The growth of the amount of information being carried by BGP-LS can
impact bgp processing (ex: update generation) of other types of SAFIs
* More and more applications want have a free ride on this transport -
othen only because it is already there.

We should discuss those in a separate thread if RFC7752bis is needed or
perhaps other work can offer alternate transport for BGP-LS be it
an enforced different TCP session or in general for link state type of data
(BMP analogy for IGP).

*However IMO non of the above is about security. *

SAFIs just do not get advertised automagically to attackers. For further
scoping tools like local BGP policy is already in place today. As mentioned
use of NO-EXPORT can be applied today with no new draft needed.

So to proceed I would like to see a list of valid security issues of
RFC7752. If none will be produced all companion work should be progressed
with their current security sections just referencing RFC7752 or RFC4271.

Kind regards,
Robert



On Fri, Oct 19, 2018 at 7:07 PM Susan Hares <shares@ndzh.com> wrote:

> Les:
>
>
>
> I apologize if my email message was unclear.   We both agree that your
> draft is not related to SR routing.   SR routing is related to BGP-LS as a
> transport mechanism for information.
>
>
>
> I agree that RFC7752 had traffic engineering information.  However, that
> traffic engineering information almost got that draft rejected by the IESG
> at the time.  As my previous message to this list indicated, we got
> agreement on RFC7752 based on limiting that information and the assurance
> that BGP-LS nodes were deployed on a separate set of nodes.  Expanding the
> traffic engineering information beyond RFC7752 re-opens all the security
> issues and questions from RFC7752’s original review.
>
>
>
> The security directorate reviewer is asking these security questions.  The
> security directorate does have people with both routing and security
> experts.
>
>
>
> SR routing is also expanding the information past the original RFC7752.
> The expansions requested by SR routing also re-open those original security
> questions and issues.
>
>
>
> One way to answer these questions is to provide a  RFC7752bis with an
> updated security section.  If you agree with this approach, I suggest
> simply referring to a RFC7752bis that in your security section.   If you
> disagree that an update to the RFC7752bis is required, we can start a
> thread on that point.
>
>
>
> Did this message clarify my earlier brief message?  Do you want to
> continue to discuss the need for RFC7752bis?
>
>
>
> Cheerily, Sue
>

v2.23.0 | Report a Bug | By Email