Re: [karp] [OPSEC] FW: WG LC: draft-ietf-karp-ops-model-05 to Informational

"George, Wes" <wesley.george@twcable.com> Wed, 03 April 2013 15:21 UTC

Return-Path: <wesley.george@twcable.com>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58C2721F8F35 for <karp@ietfa.amsl.com>; Wed, 3 Apr 2013 08:21:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.713
X-Spam-Level:
X-Spam-Status: No, score=-0.713 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oe3epJ2pu0mu for <karp@ietfa.amsl.com>; Wed, 3 Apr 2013 08:21:49 -0700 (PDT)
Received: from cdpipgw02.twcable.com (cdpipgw02.twcable.com [165.237.59.23]) by ietfa.amsl.com (Postfix) with ESMTP id 7A71521F8F41 for <karp@ietf.org>; Wed, 3 Apr 2013 08:21:47 -0700 (PDT)
X-SENDER-IP: 10.136.163.10
X-SENDER-REPUTATION: None
X-IronPort-AV: E=Sophos;i="4.87,402,1363147200"; d="scan'208";a="51302005"
Received: from unknown (HELO PRVPEXHUB01.corp.twcable.com) ([10.136.163.10]) by cdpipgw02.twcable.com with ESMTP/TLS/RC4-MD5; 03 Apr 2013 11:21:17 -0400
Received: from PRVPEXVS15.corp.twcable.com ([10.136.163.78]) by PRVPEXHUB01.corp.twcable.com ([10.136.163.10]) with mapi; Wed, 3 Apr 2013 11:21:36 -0400
From: "George, Wes" <wesley.george@twcable.com>
To: "draft-ietf-karp-ops-model@tools.ietf.org" <draft-ietf-karp-ops-model@tools.ietf.org>
Date: Wed, 03 Apr 2013 11:21:35 -0400
Thread-Topic: [OPSEC] FW: [karp] WG LC: draft-ietf-karp-ops-model-05 to Informational
Thread-Index: AQHOLxXw3vWrcjE1GEWl9qEmYdf7sZjCpHeQgAHiHVA=
Message-ID: <2671C6CDFBB59E47B64C10B3E0BD5923042D13FDBA@PRVPEXVS15.corp.twcable.com>
References: <FCD2CF6A-993E-49EE-8888-1A5384191462@cisco.com> <E8D17DEB-2CD2-47C8-8CB7-2F47FA094E9B@cisco.com> <67832B1175062E48926BF3CB27C49B240C8C7837@xmb-aln-x12.cisco.com>
In-Reply-To: <67832B1175062E48926BF3CB27C49B240C8C7837@xmb-aln-x12.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Wed, 03 Apr 2013 08:27:38 -0700
Cc: "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] [OPSEC] FW: WG LC: draft-ietf-karp-ops-model-05 to Informational
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2013 15:21:50 -0000

I've reviewed this draft before at Sam's request, so I don't have a lot of comments, but here are a few items I see in the most recent version in WGLC.

3.2 key expiration -- Might be useful to have a pointer to 6.2 where handling expiration faults is discussed in more detail. Also, would it be appropriate to discuss a config knob to more finely control expiration handling? I'm thinking of something that would allow a fail-open or fail-safe condition, where expiration generates a fairly insistent warning but instead of immediately tearing down that session, the implementation will maintain the session as long as it stays up, but if it goes down for some other reason (lost connectivity, etc.) it will not be permitted to re-establish until the expired key is addressed. I'm sure there are some security risks to this, but it might be a useful tradeoff for folks still getting the hang of managing key expiration.

5. Grouping peers - need to be able to ungroup a peer or peers without impacting routing - one of the problems with things like BGP Peer groups using a common MD5 password today is that if you need to change the password, you affect the entire peer group at once. The ability to override a group config with a peer-specific config as an extension of key rollover provides a lot of flexibility, such that it may be useful to make that an explicit requirement. This is discussed some in Section 7, but may need some companion text here.

6.1 - not sure I'd assume that proper procedures are in place to be followed. The overlap between "Router people" and "security people" is often limited, so I'm of the mind that some amount of specifics in terms of rules of thumb are useful, or at least discussing what if anything might be different in handling this provisioning step.
See also draft-ietf-sidr-rtr-keying's discussion of provisioning a router. Discussion on some of that is in my review of that document. Thread here: http://www.ietf.org/mail-archive/web/sidr/current/msg05659.html


Thanks,

Wes George
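The two operational points raised above (a fail-open/fail-safe knob for key expiration, and a per-peer override of a peer-group key config so one peer can be re-keyed without touching the group) can be sketched as a small key-table model. This is an added illustration, not code from the draft, from the author, or from any router implementation; the class and function names (KeyEntry, ExpiryPolicy, resolve_keys, evaluate) are invented, the send/accept lifetime fields are assumed to mirror the lifetimes a KARP-style key table carries, and "prefer the newest sendable key during overlap" is an assumed selection rule. The sample config in demo() is constructed and contains no real key material.

```python
"""Key-table model: per-peer override of a group key config plus a
configurable expiry policy. Illustrative only; all names are invented."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class ExpiryPolicy(Enum):
    STRICT = "strict"          # expired send key -> tear the session down now
    HOLD_EXISTING = "hold"     # keep an already-up session, warn insistently,
                               # but refuse to (re)establish on the expired key


@dataclass(frozen=True)
class KeyEntry:
    key_id: int
    secret: bytes
    send_start: int    # epoch seconds; assumed key-table lifetime fields
    send_end: int
    accept_start: int
    accept_end: int

    def sendable(self, now: int) -> bool:
        return self.send_start <= now < self.send_end

    def acceptable(self, now: int) -> bool:
        return self.accept_start <= now < self.accept_end


def resolve_keys(peer: str, peer_groups: Dict[str, List[str]],
                 group_keys: Dict[str, List[KeyEntry]],
                 peer_overrides: Dict[str, List[KeyEntry]]) -> List[KeyEntry]:
    """A peer-specific key config wins over the group the peer belongs to,
    so one peer can be rolled to a new key without disturbing its group."""
    if peer in peer_overrides:
        return peer_overrides[peer]
    for group, members in peer_groups.items():
        if peer in members:
            return group_keys.get(group, [])
    return []


def pick_send_key(keys: List[KeyEntry], now: int) -> Optional[KeyEntry]:
    """Assumed rule: during an overlap window prefer the newest sendable key."""
    live = [k for k in keys if k.sendable(now)]
    return max(live, key=lambda k: k.send_start) if live else None


@dataclass
class Session:
    peer: str
    up: bool
    key_id: Optional[int] = None
    warnings: List[str] = field(default_factory=list)


def evaluate(session: Session, keys: List[KeyEntry], now: int,
             policy: ExpiryPolicy) -> str:
    """Action taken for `session` at time `now`:
    'send:<id>'  a valid send key exists and is selected
    'hold'       session stays up on an expired key (HOLD_EXISTING), warned
    'teardown'   session torn down (STRICT)
    'refuse'     session is down and may not re-establish until re-keyed"""
    key = pick_send_key(keys, now)
    if key is not None:
        session.key_id = key.key_id
        return f"send:{key.key_id}"
    # No unexpired send key: record the (operator-visible) warning first.
    session.warnings.append(f"{session.peer}: no unexpired send key at t={now}")
    if session.up and policy is ExpiryPolicy.HOLD_EXISTING:
        return "hold"
    if session.up:
        session.up = False
        return "teardown"
    return "refuse"


def demo() -> Dict[str, str]:
    """Constructed sample: group 'transit' shares K1; peer 'B' has already
    been rolled to K2 via a per-peer override, peer 'A' has not."""
    k1 = KeyEntry(1, b"group-secret-k1", 0, 1000, 0, 1100)
    k2 = KeyEntry(2, b"peer-b-secret-k2", 900, 5000, 900, 5200)
    peer_groups = {"transit": ["A", "B"]}
    group_keys = {"transit": [k1]}
    overrides = {"B": [k2]}
    now = 1200  # K1's send lifetime ended at t=1000
    keys_a = resolve_keys("A", peer_groups, group_keys, overrides)
    keys_b = resolve_keys("B", peer_groups, group_keys, overrides)
    out: Dict[str, str] = {}
    a_strict = Session("A", up=True)
    out["A/strict"] = evaluate(a_strict, keys_a, now, ExpiryPolicy.STRICT)
    a_hold = Session("A", up=True)
    out["A/hold"] = evaluate(a_hold, keys_a, now, ExpiryPolicy.HOLD_EXISTING)
    a_hold.up = False  # later drops for an unrelated reason (lost connectivity)
    out["A/hold-after-drop"] = evaluate(a_hold, keys_a, now + 100,
                                        ExpiryPolicy.HOLD_EXISTING)
    b = Session("B", up=True)
    out["B"] = evaluate(b, keys_b, now, ExpiryPolicy.HOLD_EXISTING)
    return out


if __name__ == "__main__":
    for label, action in demo().items():
        print(f"{label}: {action}")
```

The tradeoff the hold policy makes is visible in the model: an established session keeps using key material the key table says is no longer valid, so the warning it emits has to reach someone, and the refusal to re-establish is the only thing that eventually forces the re-key.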


> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
> Of Gunter Van de Velde (gvandeve)
> Sent: Tuesday, April 02, 2013 5:11 AM
> To: opsec@ietf.org
> Cc: Joel Halpern
> Subject: [OPSEC] FW: [karp] WG LC: draft-ietf-karp-ops-model-05 to
> Informational
>
> Dear OPSEC WG,
>
> Please take some time to comment upon draft-ietf-karp-ops-model-05.
>
> Please take your comments directly to the authors and copy the KARP WG.
>
> The KARP working group is designing improvements to the cryptographic
> authentication of IETF routing protocols.  These improvements include
> improvements to how integrity functions are handled within each protocol
> as well as designing an automated key management solution.
>
> Kind Regards,
> G/ (OPSEC Co-chair)
>
> > From: Brian Weis <bew@cisco.com>
> > Subject: [karp] WG LC: draft-ietf-karp-ops-model-05 to Informational
> > Date: March 26, 2013 5:00:19 PM PDT
> > To: "karp@ietf.org" <karp@ietf.org>
> >
> > This begins a two week WG last call to determine if folks will support
> the chairs to submit
> >     <http://tools.ietf.org/html/draft-ietf-karp-ops-model-05>
> > to our AD for publication as an Informational RFC.
> >
> > Please send comments of support, or raising issues or concerns, to the
> WG email list by 5pm PDT on 9-April-2013.
> >
> > Thank you,
> > Joel M. Halpern
> > and Brian Weis
> > co-chairs
> > _______________________________________________
> > karp mailing list
> > karp@ietf.org
> > https://www.ietf.org/mailman/listinfo/karp
>
> --
> Brian Weis
> Security Engineering, SRG, Cisco Systems
> Telephone: +1 408 526 4796
> Email: bew@cisco.com
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec

This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.