IETF Logo Mail Archive

Re: [IPsec] a new IKEv2 labeled security draft is published

"David P. Quigley" <dpquigl@tycho.nsa.gov> Mon, 02 August 2010 14:42 UTC

Return-Path: <dpquigl@tycho.nsa.gov>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9961F3A6A8E for <ipsec@core3.amsl.com>; Mon, 2 Aug 2010 07:42:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j968m7YYcetH for <ipsec@core3.amsl.com>; Mon, 2 Aug 2010 07:42:28 -0700 (PDT)
Received: from msux-gh1-uea01.nsa.gov (msux-gh1-uea01.nsa.gov [63.239.65.39]) by core3.amsl.com (Postfix) with ESMTP id 1515C3A69D0 for <ipsec@ietf.org>; Mon, 2 Aug 2010 07:42:28 -0700 (PDT)
Received: from tarius.tycho.ncsc.mil (localhost [127.0.0.1]) by msux-gh1-uea01.nsa.gov (8.12.10/8.12.10) with ESMTP id o72EgnXs001376; Mon, 2 Aug 2010 14:42:49 GMT
Received: from [144.51.25.2] (moss-terrapins [144.51.25.2]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id o72EgsGN032674; Mon, 2 Aug 2010 10:42:54 -0400
From: "David P. Quigley" <dpquigl@tycho.nsa.gov>
To: Paul Moore <paul.moore@hp.com>
In-Reply-To: <1280758344.3998.23.camel@flek.lan>
References: <4C4FDC80.5020603@oracle.com> <1280522982.4029.24.camel@flek.lan> <1280751488.2673.77.camel@moss-terrapins.epoch.ncsc.mil> <1280756168.3998.8.camel@flek.lan> <1280756248.2673.92.camel@moss-terrapins.epoch.ncsc.mil> <1280758344.3998.23.camel@flek.lan>
Content-Type: text/plain
Organization: National Security Agency
Date: Mon, 02 Aug 2010 10:32:29 -0400
Message-Id: <1280759549.2673.102.camel@moss-terrapins.epoch.ncsc.mil>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3 (2.26.3-1.fc11)
Content-Transfer-Encoding: 7bit
Cc: ipsec@ietf.org, jarrett.lu@oracle.com
Subject: Re: [IPsec] a new IKEv2 labeled security draft is published
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2010 14:42:29 -0000

On Mon, 2010-08-02 at 10:12 -0400, Paul Moore wrote:
> On Mon, 2010-08-02 at 09:37 -0400, David P. Quigley wrote:
> > On Mon, 2010-08-02 at 09:36 -0400, Paul Moore wrote:
> > > On Mon, 2010-08-02 at 08:18 -0400, David P. Quigley wrote:
> > > > On Fri, 2010-07-30 at 16:49 -0400, Paul Moore wrote:
> > > > > On Wed, 2010-07-28 at 00:30 -0700, jarrett.lu@oracle.com wrote:
> > > > > > A new 00 version of IKEv2 extension for security label has just been 
> > > > > > published:
> > > > > > 
> > > > > > http://tools.ietf.org/html/draft-jml-ipsec-ikev2-security-label-00
> > > > > > 
> > > > > > Authors welcome comments from IPsec community.
> > > > > 
> > > > > Having just read the draft I think it is a bit difficult to perform any
> > > > > in-depth review without the LFS document (which is described as a work
> > > > > in progress); there just isn't any real substance in this draft in my
> > > > > opinion.
> > > > 
> > > > What sort of substance are you looking for? The whole point of the LFS
> > > > document was that we could abstract the actual semantics and format of
> > > > labeling away and focus on the actual protocol instead. The Labeled
> > > > IPSec document should be able to be looked at without having to do so in
> > > > the context of a specific label type.
> > > 
> > > Basically I'm looking for the kind of substance that one could use to
> > > implement the protocol; reading this draft I just don't have that
> > > information.  Perhaps the best example is in section 4.1, "Attribute
> > > Negotiation"; there is only some very vague text about failing
> > > negotiations if the label format is unrecognized, no concrete details
> > > about how to deal with recognized label formats with invalid and/or
> > > unauthorized labels.  I could go on, but hopefully this is enough to
> > > demonstrate my point.
> > 
> > The point of bringing this to the list for discussion is for issue like
> > this to come to the surface so I would ask that you give an extensive
> > list of comments. Handling unauthorized labels has nothing to do with
> > the LFS work so it is definitely something worth bringing to light.
> 
> I only mentioned your LFS draft because it was referenced a few times in
> the IKEv2 security label draft and without a copy of the LFS draft it
> was difficult to determine if it had any additional detail that might
> help in reviewing the IKE draft.
> 
> I would encourage you to publish the LFS draft as soon as possible so
> that we can take a look at both specifications together since the IKE
> draft does have some reliance on the LFS draft.
> 

That's a good idea. I just published the document. You can find it at
the link below[1]. I also posted an email about it to the SAAG so
hopefully there will be some review from there as well.

[1]http://www.ietf.org/id/draft-quigley-label-format-registry-00.txt

> > Now the question is that kind of information would be something
> > traditionally given in the Security Architecture document. When I was
> > talking with Paul Hoffman about the Labeled IPSec document he said that
> > we should remove information that is traditionally associated with the
> > SA document as his assertion was if you're using security labels you
> > already know how to use them. He was of the belief that this document
> > should just be the protocol information and security labels and their
> > usage are not important for this document.
> 
> While leaving large chunks of the protocol out of the specification
> definitely makes it easier to draft (and review for that matter), it
> makes me very nervous when people start implementing the specification
> later down the line as the assumptions you make when developing
> implementation "A" might not work well with the assumptions I make with
> developing implementation "B".  For something as critical as a security
> label protocol, this could have very serious repercussions for users.
> 
> Granted, it is probably foolish (and perhaps not very desirable either)
> to ask for a specification that completely removes all ambiguity, but I
> think the IKE security label draft as currently written is far too vague
> to be useful.  Look at the CALIPSO RFC or even the other IPsec/IKE RFCs
> to see the level of specification detail that, in my opinion, should be
> present in an IETF RFC.
> 

We are accepting text for the document so if there is something you
believe that should be in it such as handling unauthorized labels feel
free to write up some text and send it our way.

Dave

v2.23.0 | Report a Bug | By Email