IETF Logo Mail Archive

Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr-ospfv3-srv6-extensions-12: (with DISCUSS)

Paul Wouters <paul.wouters@aiven.io> Thu, 08 June 2023 01:03 UTC

Return-Path: <paul.wouters@aiven.io>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0064C14CF1C for <lsr@ietfa.amsl.com>; Wed, 7 Jun 2023 18:03:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6cG-PoTq9Z-q for <lsr@ietfa.amsl.com>; Wed, 7 Jun 2023 18:03:54 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70D9CC1519BE for <lsr@ietf.org>; Wed, 7 Jun 2023 18:03:54 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id ffacd0b85a97d-30ad8f33f1aso38791f8f.0 for <lsr@ietf.org>; Wed, 07 Jun 2023 18:03:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1686186232; x=1688778232; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+5GjCEvAZictg1pwT9eF8ONoAvMQXY6OiC4nEITnTCw=; b=hO52XAoL5Tt1hsECRqCgt4/C+AGBvCN6FVOViWsccuDgwVPrSHHkkulpkKPW5HmpqF L1ivoYjSBZ6ZfMpcF/CXgexm2IMRLIXwruw74sdDBmSYZJ6ws87csDKiPB//I5G+nXdr hvkePZ7IdLV0ozakpDwVgTUp2a4KVZwHh5c/4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686186232; x=1688778232; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+5GjCEvAZictg1pwT9eF8ONoAvMQXY6OiC4nEITnTCw=; b=c+Hd/JVJPPt4wCG7pA/iI64lTEmQLCatBahjHaaOSFQDYh1EKj/ATZUGNQgIjShEUw 4auQ7QzPIpqvRcjjnlhn+sS2SL3coLReUWcf0BXG+DO17HSWbIbrNLxYXzMTSeE8yrfx ITR6Z9+s72rXOBB7l6gAPfcU+dKLfAypOAm0TDNKvdjsyrGiHrTtL/rK7StlzdUgmQ2y gJ63Cj85KstYsRbFnFYsaNxp/1WkEI62PQdPSO5se/JvJvq+Bavr5RJDoy68PV5hQZZ3 G7Ej32O2SeyO43JDoMIyNlmj9oGQ9tgu7b3YERi0c+r9kJE3/jdpN09VVJIkKSnz8ORC BeRg==
X-Gm-Message-State: AC+VfDzqYZxEALTreltsGDqMF5C2o2+vAw9zpKMKAZylg88LbVmFKPo+ 78A9s/hrj8S0t8JjnBSRseSw7STbBbv08gAIteKZWQ==
X-Google-Smtp-Source: ACHHUZ43DFk6GiwWxpuOOsUqETzmFaBAmgTvZGEMyezSbps0/IDu+A61VuXlT5YF1AwYqn12V5pRZarBfU0BmF2mPP8=
X-Received: by 2002:adf:fc4a:0:b0:306:41d3:fca8 with SMTP id e10-20020adffc4a000000b0030641d3fca8mr5813242wrs.69.1686186232262; Wed, 07 Jun 2023 18:03:52 -0700 (PDT)
MIME-Version: 1.0
References: <168610220338.34430.15072739455708201495@ietfa.amsl.com> <CAH6gdPxgCCJ5ERmy-nx-S2iA1TFEqqm-O=WTUHmT=hWHrJQqKQ@mail.gmail.com>
In-Reply-To: <CAH6gdPxgCCJ5ERmy-nx-S2iA1TFEqqm-O=WTUHmT=hWHrJQqKQ@mail.gmail.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Wed, 07 Jun 2023 21:03:41 -0400
Message-ID: <CAGL5yWZYQx9V2i-fEdRVmBOUigHW6tCBw60WfjgWPVDjKUHrvQ@mail.gmail.com>
To: Ketan Talaulikar <ketant.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lsr-ospfv3-srv6-extensions@ietf.org, lsr-chairs@ietf.org, lsr@ietf.org, acee@cisco.com
Content-Type: multipart/alternative; boundary="000000000000664a2505fd93d343"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/L5zSnx2E7ZI5-GxsKmRuEAtAuew>
Subject: Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr-ospfv3-srv6-extensions-12: (with DISCUSS)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 01:03:59 -0000

On Wed, Jun 7, 2023 at 2:17 AM Ketan Talaulikar <ketant.ietf@gmail.com>
wrote:

> Hi Paul,
>
> This document is specifying extensions for OSPFv3 for SRv6. Any discussion
> related to changing or improving security for base OSPFv3 protocol would be
> outside the scope of this document.
>

I agree, but then perhaps the Security Considerations could indicate that
more clearly. Right now it is making claims that if you want to use this
draft (so this extension) securely, go look at these IKEv1 things. I am
fine with an extension that uses whatever the core and other extensions use
for security. (and that hopefully someone will look at upgrading those
oudated security methods references in the core protocol in the near
future).


> Regarding IPSec and IKE, FWIW, lately I have seen operators requesting
> RFC7166 (OSPFv3 Auth Trailer) over the IPSec method of RFC5340.
>

7166 does seem like a better method than the 4552 Manual Keying for IPsec
method. Please consider giving that recommendation a bit
more weight than 4552.


>
> That said, can you please check on my response and proposed text changes
> to Roman and let me know if those work for you?
>
> https://mailarchive.ietf.org/arch/msg/lsr/51bzckFrw_YCtIGiA1BikDVhyoU/
>

As that is still recommending 4552 equally to 7166, I think it is a bit
problematic. As per RFC 8221:
https://datatracker.ietf.org/doc/html/rfc8221#section-3

   Manual keying SHOULD NOT be used, as it is inherently dangerous.
   Without any secure keying protocol, such as IKE, IPsec does not offer
   Perfect Forward Secrecy (PFS) protection; there is no entity to
   ensure the refreshing of session keys, the tracking of Security
   Parameter Index (SPI) uniqueness, and the single use of nonces,
   Initialization Vectors (IVs), and counters.  This document was
   written for deploying ESP/AH using IKE [RFC7296
<https://datatracker.ietf.org/doc/html/rfc7296>] and assumes that
   keying happens using IKEv2 or higher.

   If manual keying is used regardless, Counter Mode algorithms such as
   ENCR_AES_CTR, ENCR_AES_CCM, ENCR_AES_GCM, and ENCR_CHACHA20_POLY1305
   MUST NOT be used, as it is incompatible with a secure and persistent
   handling of the counter (as explained in the Security Considerations
   section of [RFC3686
<https://datatracker.ietf.org/doc/html/rfc3686>]).  This particularly
applies to IoT devices that
   have no state across reboots.  At the time of writing, ENCR_AES_CBC
   is the only mandatory-to-implement encryption algorithm suitable for
   manual keying.


If 4552 is mentioned, perhaps caveat it with a reference to RFC 8221
Section 3 ?

Paul

On Wed, Jun 7, 2023 at 7:13 AM Paul Wouters via Datatracker <
> noreply@ietf.org> wrote:
>
>> Paul Wouters has entered the following ballot position for
>> draft-ietf-lsr-ospfv3-srv6-extensions-12: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to
>> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
>> for more information about how to handle DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-lsr-ospfv3-srv6-extensions/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> I have a DISCUSS similar to Roman:
>>
>> Existing security extensions as described in [RFC5340] and [RFC8362]
>> apply to
>> these SRv6 extensions. While OSPFv3 is under a single administrative
>> domain,
>> there can be deployments where potential attackers have access to one or
>> more
>> networks in the OSPFv3 routing domain. In these deployments, stronger
>> authentication mechanisms such as those specified in [RFC4552] or
>> [RFC7166]
>> SHOULD be used.
>>
>> RFC5340 does say to use IPsec, but because of the "group" setting, IKE
>> could
>> not be used (I guess it pre-dates or didn't want to use Group DOI (GDOI)
>> RFC3547 and Group Secure Association Key Management Protocol (GSAKMP)
>> RFC4535).
>> But RFC 4552 is recommending IPsec with manual keying, which is no longer
>> really possible with AEAD ciphers (eg AES-GCM, which you would want to
>> use for
>> performance). It does state:
>>
>>    Future specifications can explore the usage of protocols like
>>    Kerberized Internet Negotiation of Keys/Group Secure Association Key
>>    Management Protocol (KINK/GSAKMP) when they are widely available.
>>
>> But I don't think KINK/GSAKMP became widely available. GDOI has seen some
>> but
>> not much implementation.
>>
>> Furthermore, RFC4535 is also a (not widely implemented) IKEv1 extension.
>> This
>> cannot be recommended anymore because IKEv1 itself is obsolete (see
>> RFC9395)
>>
>> Updated advise would be to use draft-ietf-ipsecme-g-ikev2 "Group Key
>> Management
>> using IKEv2, but again we don't know yet if this will be widely
>> available. That
>> puts us back at "use manual keying or this soon to hopefully be available
>> IKEv2
>> RFC", except that with AEADs, we also cannot recommend manual keying
>> anymore.
>>
>> I am not sure what to recommend as text here. Removing all IKEv1
>> references and
>> putting draft-ietf-ipsecme-g-ikev2 there and saying manual keying MUST
>> NOT be
>> used is not a good security recommendation either.
>>
>>
>>
>>
>>
>>

v2.23.0 | Report a Bug | By Email