IETF Logo Mail Archive

Re: [Idr] [secdir] Secdir early review of draft-ietf-idr-te-pm-bgp-13

Robert Raszuk <robert@raszuk.net> Fri, 19 October 2018 22:27 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A624131053 for <idr@ietfa.amsl.com>; Fri, 19 Oct 2018 15:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S29gzxZ9UVpl for <idr@ietfa.amsl.com>; Fri, 19 Oct 2018 15:27:51 -0700 (PDT)
Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0276113102B for <idr@ietf.org>; Fri, 19 Oct 2018 15:27:51 -0700 (PDT)
Received: by mail-qk1-x72e.google.com with SMTP id m8-v6so21976353qka.12 for <idr@ietf.org>; Fri, 19 Oct 2018 15:27:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2jYczE4HcbxNaJgUzTi4Fc0cWIl2qaMzvSLz/Cvqyt4=; b=TbwGCqtG0e2Hy3+PaT7Joof8Xe7UU4Pll85g3VhKKQxVE3nkNBzAXS/8kUq9UOu2Qs hZpim27VvX1744aowUePOJnLcRkfldfw+CejK0lQn7rQbt7RQPpovdU56TtcriwrtEGO Cw+nIIZ6RurLE7FS++kU7t/ZUgUfv3mRwF0k8+j5qF+0sj0tgpoWdbeAx8AUuffn22Li VR7Fdp1EljZyueen5BQK2RBZes1iYty0SDzZ6tqN/kdZOjSYhtlGtvtmbX8LWYvkcQU0 7xpjzTToFYhgx2aPH38HN5EV+yRzVZjBzHESYocdlq8R7Iw01/rj4oiBY0NHEuGldwDW PdZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2jYczE4HcbxNaJgUzTi4Fc0cWIl2qaMzvSLz/Cvqyt4=; b=Z45Wt294Ojtgkb1icHQZuv6axaiUdfyICbZGkJB1dT5er8+UeWgfqBcPGHO+552Ery qElncdtOAmBqNlq3wwUWd40W8WB8eV6U6QTWO8XYazlmy0BrVjmkksK0LlDNmNGPfEqS Sv3atSDha4hkHHs+WBbP23rBTCrcicXZdUXsOWfB8hmZR0HiZnbNUsooOWINZ2Do7QGm VafPJQjL8TjjboHBr3XtpL/FmHVHrRMR4izLRejpcICcDPSbys8NvfrHcdljOMkuY1jO +PpqjnW62D37D0tRumzwatiaNvbokMsUbLk6V0bpiMSL7BfQczf355U8AyANXJn7CD0F s/HA==
X-Gm-Message-State: ABuFfog9lLUoQLYdz1zomtMHPBihUJz42aoM0yOnBLZsrHC+z5NbADJG Y55ESrnkXa7NLhX+hvbWsXMCKyFcLFioH4NZ1x4NRg==
X-Google-Smtp-Source: ACcGV61cnZ4/uAkcP6QbFsoJXFvzSNir21iClbkqbE22H0S9CMqmJEGcG1FeTraGqk3NsDnIJ1F5VP8CqtXtVNbfK98=
X-Received: by 2002:a37:694:: with SMTP id 142-v6mr32868680qkg.189.1539988070098; Fri, 19 Oct 2018 15:27:50 -0700 (PDT)
MIME-Version: 1.0
References: <153972468642.9298.14442375581871750001@ietfa.amsl.com> <ec43e712e8024930831a206f8e843cbb@XCH-ALN-001.cisco.com> <7655493D-9EF0-42FF-B2D3-B9CE4E78178D@gmail.com> <feec42a72bd64f31afbcb3b340dad52b@XCH-ALN-001.cisco.com> <1FFA9449-D03C-4EB6-9D08-BA4A1AA93FE3@gmail.com> <92af26fef2da470d853f292c84f026a0@XCH-ALN-001.cisco.com> <20181019002642.GX19309@kduck.kaduk.org> <CAOj+MMH1=SBV=ikiNE6UHEe1mzf5xKLPOZXnnqPEvyFHTC=83A@mail.gmail.com> <00a601d467af$3c4b90f0$b4e2b2d0$@ndzh.com> <b718ffb671c446adb1666ad9f73f4f82@XCH-ALN-001.cisco.com> <028b01d467ce$402b2400$c0816c00$@ndzh.com> <f20b00331cbf42f49dcc5ab61c8d2d8f@XCH-ALN-001.cisco.com> <03e101d467f3$2bff9130$83feb390$@ndzh.com>
In-Reply-To: <03e101d467f3$2bff9130$83feb390$@ndzh.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Sat, 20 Oct 2018 00:27:41 +0200
Message-ID: <CAOj+MMH79aD2jzeVEWzv=WQS0y6N4VZyoeRmncPna1BtKmCeaA@mail.gmail.com>
To: shares@ndzh.com
Cc: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, kaduk@mit.edu, idr@ietf.org, draft-ietf-idr-te-pm-bgp.all@ietf.org, ietf@ietf.org, Yoav Nir <ynir.ietf@gmail.com>, secdir@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e09fbd05789c6904"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/iIlDYX0MU18xfswWiogdWokL89Q>
Subject: Re: [Idr] [secdir] Secdir early review of draft-ietf-idr-te-pm-bgp-13
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2018 22:27:53 -0000

Hello Sue,

However, I would like your feedback on whether you believe RFC7752 has
> security that is equivalent to, less than, or greater than a trusted
> domain?
>
>
>
> The spring routing architecture (RFC8402) indicates that be default SR
> operates within a trusted domain.
>
>
>
> “Traffic MUST be filtered at the domain boundaries. The use of best
> practices to reduce the risk of tampering within the trusted domain is
> important.  Such practices are discussed in [RFC4381
> <https://tools.ietf.org/html/rfc4381>] and are applicable to both SR-MPLS
> and SRv6.”
>


Reading your comments I am also similarly to Les's feelings quite not sure
what the point here is.

SR Architecture while completely irrelevant to this thread talks about
trusted domain in the context of data plane. Bringing in L3VPNs out of the
sudden only because some SR document referred to it's security analysis is
also quite a bizarre maneuver.

With control plane and especially with BGP the notion of trusted vs
untrusted domain is not something anyone can just pick or state on what his
or her believe is.

The short answer is that BGP operates on a per AFI/SAFI basis and level of
trust is directly related to the actual configuration applied including
level of policy inserted when using such apparatus to distribute various
forms of information.

Same SAFI can be configured by one operator quite strictly limiting it to
one AS and someone else will like to share his information with entire
world publishing it to a looking glass. Are we here to restrict this ? What
means of control is there to enforce such restrictions other then perhaps
stating simple recommendation in an advisory fashion that one should be a
bit careful when publishing content of his LSDB or TED beyond devices he
trusts ? **

** Note that even if TE infrastructure addresses or other information are
accidentally leaked - there should be no great immediate harm - since well
managed network prevents on ingress to the domain any flows which would aim
at internal infrastructure address space.

Thx,
R.

v2.23.0 | Report a Bug | By Email