Re: [karp] New Version Notification for draft-mahesh-karp-rsvp-te-analysis-00.txt
Sean Turner <turners@ieca.com> Thu, 28 February 2013 14:30 UTC
Return-Path: <turners@ieca.com>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA9F321F85AF for <karp@ietfa.amsl.com>; Thu, 28 Feb 2013 06:30:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.238
X-Spam-Level:
X-Spam-Status: No, score=-102.238 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHLIP-qDj6Uv for <karp@ietfa.amsl.com>; Thu, 28 Feb 2013 06:30:53 -0800 (PST)
Received: from gateway15.websitewelcome.com (gateway15.websitewelcome.com [67.18.44.26]) by ietfa.amsl.com (Postfix) with ESMTP id 1B65B21F84B8 for <karp@ietf.org>; Thu, 28 Feb 2013 06:30:53 -0800 (PST)
Received: by gateway15.websitewelcome.com (Postfix, from userid 5007) id AB9AEA4AD5EB8; Thu, 28 Feb 2013 08:30:52 -0600 (CST)
Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway15.websitewelcome.com (Postfix) with ESMTP id 9646EA4AD5E4D for <karp@ietf.org>; Thu, 28 Feb 2013 08:30:52 -0600 (CST)
Received: from [108.45.16.214] (port=49733 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <turners@ieca.com>) id 1UB4VY-0004rU-10; Thu, 28 Feb 2013 08:30:52 -0600
Message-ID: <512F6A1A.4020001@ieca.com>
Date: Thu, 28 Feb 2013 09:30:50 -0500
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: Mahesh Jethanandani <mjethanandani@gmail.com>
References: <B015CEEC-6440-4865-9E45-5D6739CDAEC8@cisco.com> <A22E9FFF-965B-491D-908C-D9CF88531793@gmail.com>
In-Reply-To: <A22E9FFF-965B-491D-908C-D9CF88531793@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator1743.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (thunderfish.local) [108.45.16.214]:49733
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 4
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20=
Cc: karp@ietf.org
Subject: Re: [karp] New Version Notification for draft-mahesh-karp-rsvp-te-analysis-00.txt
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2013 14:30:54 -0000
Mahesh, Thanks to you and your co-authors for beating me to this. Stephen Farrell and I actually met with Lou Berger at IETF 85 to lament how RSVP is always the last one pick. We figured if anybody was going to do this analysis it's be one of us - very glad we were wrong. Couple questions (Q#) and some nits (N#): Q1: I think s2 basically says that RSVP-TE uses RSVP so the rest of the draft is just going to talk about RSVP. If that's the case why not move the idea of the 2nd paragraph of s2 to the 2nd to paragraph last in the intro. Maybe something like: Resource Reservation Protocol (RSVP) is a resource reservation setup protocol designed for an integrated services [RFC2205]. RSVP Cryptographic Authentication [RFC2747] describes the format and use of RSVP's INTEGRITY objects to provide hop-by-hop integrity and authentication of RSVP messages. RSVP-TE [RFC3209] is an extension of the RSVP protocol to establish Multi-Protocol Label Switching (MPLS) Label Switch Paths (LSPs). RSVP-TE signaling is used to establish both intra- and inter-domain TE LSPs. NOTE: RSVP is not discussed in this document because it is not in scope for the KARP WG. N1: abstract/intro: expand RSVP and RSVP-TE N2: abstract: r/[RFC6518]/RFC 6518 (no reference in abstract) N3: s1: r/suggests/suggested (matches with described) N4: s1: Maybe instead of "The OPSEC working group ... This document builds on several previous analysis efforts into routing security: o [RFC6039] describes issues with existing cryptographic protection methods for routing protocols o [draft-ietf-karp-ospf-analysis-03] analyzes OSPF security according to KARP Design Guide o [draft-ietf-karp-routing-tcp-analysis] analyzes TCP based protocols including BGP, LDP, PCEP, and MSDP Q2: s2: Don't we need a section on underlying transport where we can use the text from RFC 2205 tell everybody that it runs directly over IP: 2.1. Transport Layer RSVP operates on top of IPv4 or IPv6, occupying the place of a transport protocol in the protocol stack. However, RSVP does not transport application data but is rather an Internet control protocol, like ICMP, IGMP, or routing protocols. ... Q3: Do we need to discuss UDP encapsulation? Q4: s2: How about a new subsection (kind of matches the tcp analysis draft): 2.2. Keying mechanisms There is no automated key management (AKM) mechanism for RSVP. If implemented manual key management is used. and grab the 2nd to last paragraph and stick it in this section. Q5: s2: Is there a current requirement (that came before the IAB workshop) on authenticating RSVP headers and payloads? In this section maybe we just say: 2.3. Message Integrity and Node Authentication RSVP-TE makes use of the RSVP Cryptographic Authentication [RFC2747]. Note that there is currently no RSVP-TE specific security mechanism. RSVP Cryptographic Authentication defines the use of HMAC-MD5 for both message integrity and node authentication. The length of the keyed digests is 128 bits and the RSVP checksum can be disabled in lieu of message digest. No algorithm agility is supported. There is no requirement that the RSVP-TE headers and payload be encrypted. Q6: RSVP discusses user authentication for policy control and secure data streams. Is the policy control stuff used? N5: I'd also probably just have subsections for: 2.* Replay Protection 2.* Out-of-Order Protection 2.* Denial Of Service Protection Where the appropriate text from the existing section gets copied. N6: s3 2nd para: I think the point is that the current mechanism doesn't support cryptographic agility: OLD: In RSVP Cryptographic Authentication [RFC2747], only the usage of MD5 to generate digests for RSVP-TE messages is mentioned. In order to fulfill the requirement of supporting strong algorithms, at least the support of SHA-2 needs to be provided. NEW: In RSVP Cryptographic Authentication [RFC2747], only the usage of MD5 to generate digests for RSVP-TE messages is defined. In order to fulfill the requirement of supporting strong algorithms and cryptographic algorithm agility, at least the support of SHA-2 and the ability to indicate additional algorithms needs to be provided. spt On 12/19/12 11:52 PM, Mahesh Jethanandani wrote: > > >> >> A new version of I-D, draft-mahesh-karp-rsvp-te-analysis-00.txt >> has been successfully submitted by Mahesh Jethanandani and posted to the >> IETF repository. >> >> Filename: draft-mahesh-karp-rsvp-te-analysis >> Revision: 00 >> Title: Analysis of RSVP-TE Security According to KARP Design Guide >> Creation date: 2012-12-16 >> WG ID: Individual Submission >> Number of pages: 12 >> URL: >> http://www.ietf.org/internet-drafts/draft-mahesh-karp-rsvp-te-analysis-00.txt >> Status: http://datatracker.ietf.org/doc/draft-mahesh-karp-rsvp-te-analysis >> Htmlized: http://tools.ietf.org/html/draft-mahesh-karp-rsvp-te-analysis-00 >> >> >> Abstract: >> This document analyzes RSVP-TE according to guidelines set forth in >> section 4.2 of KARP Design Guidelines [RFC6518]. >> >> >> >> >> The IETF Secretariat >> >> > > Mahesh Jethanandani > mjethanandani@gmail.com <mailto:mjethanandani@gmail.com> > > > > > > _______________________________________________ > karp mailing list > karp@ietf.org > https://www.ietf.org/mailman/listinfo/karp >
- [karp] New Version Notification for draft-mahesh-… Mahesh Jethanandani
- Re: [karp] New Version Notification for draft-mah… Sean Turner