Re: [Lsvr] lsoe security: tofu, hierarchy, ...?

Victor Kuarsingh <victor@jvknet.com> Mon, 01 April 2019 14:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/ToozB6V0FxDdJwuPz1ZPH7-1o3I>

Randy,

Thanks for starting the conversation.

I will have some additional input for you very soon.  It will include more
data on the security front as well as attributes desirable for hosts to
send to the first hop network router.

Regards,

Victor K

On Sat, Mar 30, 2019 at 8:24 PM Randy Bush <randy@psg.com> wrote:

> so it's time to get serious about lsoe security.
>
> currently, the OPEN PDU contains a variable length Authentication Data
> blob.
>
> we want to sign all PDUs; though maybe not the KEEPALIVE.  as KEEPALIVEs
> are frequent, we may want to keep them small and not have the crypto
> overhead of validating them.  worth discussing.
>
> i have repeatedly asked for the threat model behind folk's desire for
> PDU security.  perhaps an illustration of two possible paths would help
> clarify why i am undecided.
>
>     Trust On First Use, AKA TOFU: the OPEN might have a key, symmetric
>     or asymmetric, which is automatically trusted by the other party, and
>     is used to sign all subsequent PDUs.  the security provided is that
>     you know you are talking to the same party as the one with whom you
>     OPENed.
>
>     CA Hierarchy: the clos could have a CA which signs per-device
>     certificates.  each device would have a (chain to the) root cert by
>     which it could verify the public key in the OPEN and all PDU
>     signatures.  this provides a stronger trust model than TOFU, but is
>     more complex in that one has to maintain a CA hierarchy, have good
>     key signing and distribution mechanisms, anticipate key rolls, etc.
>
> surely there are other models.  i am just trying to illustrate.
>
> i have this fantasy about finessing the draft in such a way that either
> could be used.  but fear that the result would be underspecified to the
> extent that security reviewers would not be happy.
>
> feedback time!
>
> randy
>
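
The TOFU path described in the quoted message, as an added example that is not part of the thread or of the LSOE draft: a per-link receiver pins the key from the first OPEN and checks every later signed PDU against it, leaving KEEPALIVE unsigned. The PDU tuple, the `DATA` type, the result strings and the sample keys are assumptions made for illustration, and HMAC-SHA256 stands in for the signature so the block runs with the standard library only.

```python
import hashlib
import hmac

# Hypothetical PDU model (type, payload, auth); this is not the LSOE wire format.
# "DATA" is a placeholder for any PDU other than OPEN and KEEPALIVE.
SIGNED_TYPES = {"OPEN", "DATA"}  # assumption: KEEPALIVE is left unsigned


def sign(key: bytes, pdu_type: str, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for the PDU signature. With a symmetric key
    # carried in the OPEN, anyone who saw the OPEN can sign as well; an
    # asymmetric key avoids that.
    msg = pdu_type.encode() + b"\x00" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class TofuNeighbor:
    """Per-link TOFU state: pin the key from the first OPEN, then enforce it."""

    def __init__(self):
        self.pinned_key = None

    def receive(self, pdu_type: str, payload: bytes, auth: bytes = b"") -> str:
        if pdu_type not in SIGNED_TYPES:
            return "accept-unsigned" if self.pinned_key else "reject-no-open"
        key = self.pinned_key
        if key is None:
            if pdu_type != "OPEN":
                return "reject-no-open"
            key = payload  # candidate key: the OPEN payload is the key itself
        elif pdu_type == "OPEN" and not hmac.compare_digest(payload, key):
            return "reject-key-changed"
        if not hmac.compare_digest(auth, sign(key, pdu_type, payload)):
            return "reject-bad-signature"
        self.pinned_key = key  # pin only once the OPEN itself has verified
        return "accept"


def demo():
    peer_key, other_key = b"P" * 32, b"O" * 32  # constructed sample keys
    body = b"constructed payload"
    link = TofuNeighbor()
    results = [
        link.receive("OPEN", peer_key, sign(peer_key, "OPEN", peer_key)),
        link.receive("DATA", body, sign(peer_key, "DATA", body)),
        link.receive("DATA", body, sign(other_key, "DATA", body)),
        link.receive("OPEN", other_key, sign(other_key, "OPEN", other_key)),
        link.receive("KEEPALIVE", b""),
    ]
    # What TOFU does not give: a fresh link accepts whichever key OPENs first.
    fresh = TofuNeighbor().receive("OPEN", other_key, sign(other_key, "OPEN", other_key))
    return results, fresh
```

The last result is the difference from the CA model in the message: nothing outside the OPEN vouches for the first key, so the check gives continuity with whoever opened, not identity.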