IETF Logo Mail Archive

Re: [karp] Last Call: <draft-ietf-ospf-auth-trailer-ospfv3-05.txt> (Supporting Authentication Trailer for OSPFv3) to Proposed Standard

Sam Hartman <hartmans-ietf@mit.edu> Mon, 15 August 2011 17:25 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDBBB21F8CAB; Mon, 15 Aug 2011 10:25:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.899
X-Spam-Level:
X-Spam-Status: No, score=-103.899 tagged_above=-999 required=5 tests=[AWL=-1.634, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t58oAqMT3bPq; Mon, 15 Aug 2011 10:25:32 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id F06C621F8C9E; Mon, 15 Aug 2011 10:25:31 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 1BF3D2014E; Mon, 15 Aug 2011 13:28:43 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 6355742B7; Mon, 15 Aug 2011 13:25:58 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf@ietf.org
References: <20110719145739.5942.53564.idtracker@ietfa.amsl.com>
Date: Mon, 15 Aug 2011 13:25:58 -0400
In-Reply-To: <20110719145739.5942.53564.idtracker@ietfa.amsl.com> (The IESG's message of "Tue, 19 Jul 2011 07:57:39 -0700")
Message-ID: <tsl7h6ed1sp.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: ospf@ietf.org, karp@ietf.org
Subject: Re: [karp] Last Call: <draft-ietf-ospf-auth-trailer-ospfv3-05.txt> (Supporting Authentication Trailer for OSPFv3) to Proposed Standard
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2011 17:25:33 -0000

Hi. I've reviewed the draft-ietf-ospf-auth-trailer-ospfv3-05 for
consistency with draft-ietf-karp-ospf-analysis.  KARP is chartered to
figure out what improvements we need in routing protocol
authenticationq. While draft-ietf-karp-ospf-analysis has not been
approved by the WG, I think it's fairly close to our current thinking on
what needs to be done to OSPF authentication.  I believe we should
either be consistent with that thinking or  if during the discussion we
discover that what we're doing in KARP is incorrect decide to update the
KARP document.

Based on this review I have a few recommendations for the OSPF v3
authentication trailers document.

1) The v3 authentication trailer takes a step back in the ability to
rekey security associations both from OSPF v2, from IPsec for OSPF v3
and from draft-ietf-karp-crypto-tables. At the top of page 231 of RFC
2328, OSPF v2 security associations are defined with four lifetimes:
KeyStartGenerate, KeyStartAccept, KeyStopGenerate and
KeyStopAccept. Similarly, RFC 4301 defines a lifetime value for the SAs
used by OSPFv3; in that case, whether an SA is an outbound or inbound SA
controls whether it can be used for reception, generation or both at the
current time. In the KARP crypto tables, lifetimes related to when
packets can be sent are included: SAs are deleted from the crypto table
to prevent reception. However the V3 auth trailer draft leaves this all
up to implementation defined behavior.
draft-ietf-karp-ospf-analysis indicates that we're going to remind
people of the existing OSPF requirements for keylifetimes because they
are necessary for key rollover.

I believe that draft-ietf-ospf-auth-trailer-ospfv3-05 needs to be
revised to require implementation behavior at least as flexible as
draft-ietf-karp-crypto-tables. That is, associated with each security
association is a time for when sending packets can start with a given SA
and for when it must stop. Infinity and 0 should of course be supported
for the appropriate times.

2) I notice terminology inconsistency between key identifier  and
security association identifier. This should probably be cleaned up,
although it's not that big of a deal.


3) draft-ietf-ospf-analysis says that we are going to solve related
protocol attacks. That is, we recognize that it's quite likely that some
people will use the same preshared key both for OSPF authentication and
for something else. We need to mix something into the key or hash or
something that is unlikely to appear in any other use in order to make
it cryptographically unlikely for the resulting OSPF authentication hash
to be a hash useful in some other protocol or for the hash from some
other protocol to be useful in OSPF.  This draft does not do that.  One
possible way to solve this would be to prepend a constant in front of
the key in the key preparation step or a constant in front of every
packet that gets hashed. The constant should be the same for OSPFv3 and
not used for any other purpose.

v2.23.0 | Report a Bug | By Email