Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr-ospfv3-srv6-extensions-12: (with DISCUSS)
Ketan Talaulikar <ketant.ietf@gmail.com> Thu, 08 June 2023 06:50 UTC
Return-Path: <ketant.ietf@gmail.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 097D2C151B1E; Wed, 7 Jun 2023 23:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMSoHjm5_oyG; Wed, 7 Jun 2023 23:50:34 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21EC3C14CEED; Wed, 7 Jun 2023 23:50:34 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-977e0fbd742so38953166b.2; Wed, 07 Jun 2023 23:50:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686207032; x=1688799032; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=naqH38cktYrisWKNPoHs6rQ3PwrpeYRTUF/z7lWi4qI=; b=aP33vCeZhVIN2GR8eCSSQVB7SnJTkj5KaVwAUxB0lEriyM6eaPwmkAslfbjl8U2pmS Vi1KtXxSDCbKaZ3qEBB7ZOG8JWv8bClNJo3Dt2mCiPWTRs5dmOldCLyi2BFNyy6+nE2C E3W64JIk3Fi49rOLG7wLmWHJjL6UED08JdA/HI33PoZ2QuClnvRBy0EnxDzMP65WyuYX PDBKRKHPucb8d/7pyMnfaPkj0pdvjYUzrd/JpC4jKWDWFFMJVqfhKdgkAjUCn9XQgK4S 6KQdActMuAbf0FEyNKVIxJuXQJlZKnLUhiTIkWkXn+c6GY6+y1V2Ii3cDs5hNNPcHFTO zKEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686207032; x=1688799032; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=naqH38cktYrisWKNPoHs6rQ3PwrpeYRTUF/z7lWi4qI=; b=PVqoDZ/6QjXLxdH7az6OpTibdMPO5ETkZaY76RVizIqHEEeAtOjQx1JOsWDD06BX3h IcaTlYY2cqv+vgFno3Tyc+e36nwsGlnLu02tNTdMXnQV13Rocij2cSYOJ0ANGXzpie9F 8xvrPksYqcEEietrXtZrWHO89uzohjhJnOv/7k+98A80nynome75XQ1t6tRTScTc9ShG Hga+0mxIv8as/9lkjfQ514YezMaqA6mOEJLnXgx9rssRwE07JMoRpnf6drgT58i+Pcin 3bojisjTTi0p0mA6OBJ4H6xV2YLIyEeuntMKFlZlctt2C/83OIfZVsoHxCM40OaqOHnO SaRw==
X-Gm-Message-State: AC+VfDwaz/YxOZeXS4wc7uJzrOkRavAO83IJ/Pb63cZWrRPzYXiNWb0f T5vEkL3ZzuuEtZPcUoZ7mtZT0lUbWRgalaNdBmc=
X-Google-Smtp-Source: ACHHUZ5z7KMNVvxae2P6iE3p1/g8oX+4sd3FIinOOVvx2ObspjY3j1P289o8i6A+mwnuWcf/+ul7zFoRZEStwQZ64j0=
X-Received: by 2002:a17:907:7d87:b0:969:7739:2eb7 with SMTP id oz7-20020a1709077d8700b0096977392eb7mr8145967ejc.4.1686207031875; Wed, 07 Jun 2023 23:50:31 -0700 (PDT)
MIME-Version: 1.0
References: <168610220338.34430.15072739455708201495@ietfa.amsl.com> <CAH6gdPxgCCJ5ERmy-nx-S2iA1TFEqqm-O=WTUHmT=hWHrJQqKQ@mail.gmail.com> <CAGL5yWZYQx9V2i-fEdRVmBOUigHW6tCBw60WfjgWPVDjKUHrvQ@mail.gmail.com>
In-Reply-To: <CAGL5yWZYQx9V2i-fEdRVmBOUigHW6tCBw60WfjgWPVDjKUHrvQ@mail.gmail.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Thu, 08 Jun 2023 12:20:18 +0530
Message-ID: <CAH6gdPx0ckAUgd_hq_Sq9RJeLi_8GmjhyFcu94V=D8BtcOHztw@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lsr-ospfv3-srv6-extensions@ietf.org, lsr-chairs@ietf.org, lsr@ietf.org, acee@cisco.com
Content-Type: multipart/alternative; boundary="000000000000271c2905fd98ab4a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/OyIatGSwnNi6Y9kc38ANNUkrsN8>
Subject: Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr-ospfv3-srv6-extensions-12: (with DISCUSS)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 06:50:38 -0000
Hi Paul, I have posted an update with text changes to address your concerns: https://datatracker.ietf.org/doc/html/draft-ietf-lsr-ospfv3-srv6-extensions-13 I've tried to steer clear of specifics/details that are outside the scope of this document. Can you please let me know if this works and if not provide some suggestions? Thanks, Ketan On Thu, Jun 8, 2023 at 6:33 AM Paul Wouters <paul.wouters@aiven.io> wrote: > > On Wed, Jun 7, 2023 at 2:17 AM Ketan Talaulikar <ketant.ietf@gmail.com> > wrote: > >> Hi Paul, >> >> This document is specifying extensions for OSPFv3 for SRv6. Any >> discussion related to changing or improving security for base OSPFv3 >> protocol would be outside the scope of this document. >> > > I agree, but then perhaps the Security Considerations could indicate that > more clearly. Right now it is making claims that if you want to use this > draft (so this extension) securely, go look at these IKEv1 things. I am > fine with an extension that uses whatever the core and other extensions use > for security. (and that hopefully someone will look at upgrading those > oudated security methods references in the core protocol in the near > future). > > >> Regarding IPSec and IKE, FWIW, lately I have seen operators requesting >> RFC7166 (OSPFv3 Auth Trailer) over the IPSec method of RFC5340. >> > > 7166 does seem like a better method than the 4552 Manual Keying for IPsec > method. Please consider giving that recommendation a bit > more weight than 4552. > > >> >> That said, can you please check on my response and proposed text changes >> to Roman and let me know if those work for you? >> >> https://mailarchive.ietf.org/arch/msg/lsr/51bzckFrw_YCtIGiA1BikDVhyoU/ >> > > As that is still recommending 4552 equally to 7166, I think it is a bit > problematic. As per RFC 8221: > https://datatracker.ietf.org/doc/html/rfc8221#section-3 > > Manual keying SHOULD NOT be used, as it is inherently dangerous. > Without any secure keying protocol, such as IKE, IPsec does not offer > Perfect Forward Secrecy (PFS) protection; there is no entity to > ensure the refreshing of session keys, the tracking of Security > Parameter Index (SPI) uniqueness, and the single use of nonces, > Initialization Vectors (IVs), and counters. This document was > written for deploying ESP/AH using IKE [RFC7296 <https://datatracker.ietf.org/doc/html/rfc7296>] and assumes that > keying happens using IKEv2 or higher. > > If manual keying is used regardless, Counter Mode algorithms such as > ENCR_AES_CTR, ENCR_AES_CCM, ENCR_AES_GCM, and ENCR_CHACHA20_POLY1305 > MUST NOT be used, as it is incompatible with a secure and persistent > handling of the counter (as explained in the Security Considerations > section of [RFC3686 <https://datatracker.ietf.org/doc/html/rfc3686>]). This particularly applies to IoT devices that > have no state across reboots. At the time of writing, ENCR_AES_CBC > is the only mandatory-to-implement encryption algorithm suitable for > manual keying. > > > If 4552 is mentioned, perhaps caveat it with a reference to RFC 8221 > Section 3 ? > > Paul > > On Wed, Jun 7, 2023 at 7:13 AM Paul Wouters via Datatracker < >> noreply@ietf.org> wrote: >> >>> Paul Wouters has entered the following ballot position for >>> draft-ietf-lsr-ospfv3-srv6-extensions-12: Discuss >>> >>> When responding, please keep the subject line intact and reply to all >>> email addresses included in the To and CC lines. (Feel free to cut this >>> introductory paragraph, however.) >>> >>> >>> Please refer to >>> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ >>> for more information about how to handle DISCUSS and COMMENT positions. >>> >>> >>> The document, along with other ballot positions, can be found here: >>> https://datatracker.ietf.org/doc/draft-ietf-lsr-ospfv3-srv6-extensions/ >>> >>> >>> >>> ---------------------------------------------------------------------- >>> DISCUSS: >>> ---------------------------------------------------------------------- >>> >>> I have a DISCUSS similar to Roman: >>> >>> Existing security extensions as described in [RFC5340] and [RFC8362] >>> apply to >>> these SRv6 extensions. While OSPFv3 is under a single administrative >>> domain, >>> there can be deployments where potential attackers have access to one or >>> more >>> networks in the OSPFv3 routing domain. In these deployments, stronger >>> authentication mechanisms such as those specified in [RFC4552] or >>> [RFC7166] >>> SHOULD be used. >>> >>> RFC5340 does say to use IPsec, but because of the "group" setting, IKE >>> could >>> not be used (I guess it pre-dates or didn't want to use Group DOI (GDOI) >>> RFC3547 and Group Secure Association Key Management Protocol (GSAKMP) >>> RFC4535). >>> But RFC 4552 is recommending IPsec with manual keying, which is no longer >>> really possible with AEAD ciphers (eg AES-GCM, which you would want to >>> use for >>> performance). It does state: >>> >>> Future specifications can explore the usage of protocols like >>> Kerberized Internet Negotiation of Keys/Group Secure Association Key >>> Management Protocol (KINK/GSAKMP) when they are widely available. >>> >>> But I don't think KINK/GSAKMP became widely available. GDOI has seen >>> some but >>> not much implementation. >>> >>> Furthermore, RFC4535 is also a (not widely implemented) IKEv1 extension. >>> This >>> cannot be recommended anymore because IKEv1 itself is obsolete (see >>> RFC9395) >>> >>> Updated advise would be to use draft-ietf-ipsecme-g-ikev2 "Group Key >>> Management >>> using IKEv2, but again we don't know yet if this will be widely >>> available. That >>> puts us back at "use manual keying or this soon to hopefully be >>> available IKEv2 >>> RFC", except that with AEADs, we also cannot recommend manual keying >>> anymore. >>> >>> I am not sure what to recommend as text here. Removing all IKEv1 >>> references and >>> putting draft-ietf-ipsecme-g-ikev2 there and saying manual keying MUST >>> NOT be >>> used is not a good security recommendation either. >>> >>> >>> >>> >>> >>>
- [Lsr] Paul Wouters' Discuss on draft-ietf-lsr-osp… Paul Wouters via Datatracker
- Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr… Ketan Talaulikar
- Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr… Acee Lindem
- Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr… Paul Wouters
- Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr… Paul Wouters
- Re: [Lsr] Paul Wouters' Discuss on draft-ietf-lsr… Ketan Talaulikar