Re: [mpls] Stephen Farrell's No Objection on draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf-15: (with COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 19 November 2015 15:28 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47C241B2B76; Thu, 19 Nov 2015 07:28:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.886
X-Spam-Level:
X-Spam-Status: No, score=-4.886 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0foPpLVw6oSi; Thu, 19 Nov 2015 07:28:07 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F7F01B2B81; Thu, 19 Nov 2015 07:27:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0C16BBE64; Thu, 19 Nov 2015 15:27:52 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s726Dd3OvQDx; Thu, 19 Nov 2015 15:27:51 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 296AFBE55; Thu, 19 Nov 2015 15:27:51 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1447946871; bh=upRWs+pvS4K1Rm3Y58NH3xGjcPWzQZUCvcn4W5UMd0o=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=f13yLs2jS8+mIEJ9fNbRgeDgtkuIm5l+YdfhBDpiY8hgQ9IwHHLbmtI67T26aJjPL WTmRXaZG/XPCWqOLCN4ez4ocBM4jaOtZNPOcMCoivbXqsawkXUE0uA74UHoXxO9CWR jXZ93DTioNpCQV6XxPG7lPaN2KWa8XHQ42gztgZk=
To: Gregory Mirsky <gregory.mirsky@ericsson.com>, The IESG <iesg@ietf.org>
References: <20151119003257.1445.91117.idtracker@ietfa.amsl.com> <7347100B5761DC41A166AC17F22DF11221942DFE@eusaamb103.ericsson.se> <564DD02A.6020500@cs.tcd.ie> <7347100B5761DC41A166AC17F22DF1122194416C@eusaamb103.ericsson.se> <564DE26E.4070203@cs.tcd.ie> <7347100B5761DC41A166AC17F22DF1122194421C@eusaamb103.ericsson.se>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <564DEA76.8050501@cs.tcd.ie>
Date: Thu, 19 Nov 2015 15:27:50 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <7347100B5761DC41A166AC17F22DF1122194421C@eusaamb103.ericsson.se>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/2GKR04DGbdUQfgB5LA3voxtjhHI>
Cc: "draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org" <draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org>, "draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org" <draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org>, "rcallon@juniper.net" <rcallon@juniper.net>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>
Subject: Re: [mpls] Stephen Farrell's No Objection on draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf-15: (with COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2015 15:28:15 -0000

Thanks Gregory, we're all set so.
S.

On 19/11/15 15:27, Gregory Mirsky wrote:
> Hi Stephen,
> 
> many thanks for your consideration and patience. I've captured changes to the text we've discussed:
> 
> ·         added to 2.2.4 “Simple Password SHOULD NOT be used if other authentication types are available.”
> 
> ·         removed from section 6 “and is assumed to use an off-line mechanism or an established secure key-exchange protocol” just leaving it as “Thus the exchange of security parameters (such as keys) for use in securing OAM is outside the scope of this document.”
> 
> ·         to your last question – I don’t have information about such analysis.
> 
> I have prepared the new version to address comments from you and Ben Campbell.
> 
> 
> 
> Regards,
> 
>         Greg
> 
> 
> 
> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Thursday, November 19, 2015 6:54 AM
> To: Gregory Mirsky; The IESG
> Cc: draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org; draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org; rcallon@juniper.net; mpls-chairs@ietf.org; mpls@ietf.org
> Subject: Re: Stephen Farrell's No Objection on draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf-15: (with COMMENT)
> 
> 
> 
> 
> 
> Hiya,
> 
> 
> 
> Coupla bits more below...
> 
> 
> 
> On 19/11/15 14:44, Gregory Mirsky wrote:
> 
>> Hi Stephen, thank you for the clarifications. More in-line answers now
> 
>> tagged GIM2>>.
> 
>>
> 
>> Regards, Greg
> 
>>
> 
>> -----Original Message----- From: Stephen Farrell
> 
>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, November 19, 2015
> 
>> 5:36 AM To: Gregory Mirsky; The IESG Cc:
> 
>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org<mailto:draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org>;
> 
>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org<mailto:draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org>;
> 
>> mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; rcallon@juniper.net<mailto:rcallon@juniper.net>; mpls@ietf.org<mailto:mpls@ietf.org> Subject: Re:
> 
>> Stephen Farrell's No Objection on
> 
>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf-15: (with COMMENT)
> 
>>
> 
>>
> 
>> Hiya,
> 
>>
> 
>> On 19/11/15 04:03, Gregory Mirsky wrote:
> 
>>> Hi Stephen,
> 
>>>
> 
>>> thank you for your review and comments. Please find my answers
> 
>>> in-line and tagged GIM>>. Hope we can find good solution to address
> 
>>> your concern with BFD security.
> 
>>>
> 
>>>
> 
>>>
> 
>>> Regards,
> 
>>>
> 
>>> Greg
> 
>>>
> 
>>>
> 
>>>
> 
>>> -----Original Message----- From: Stephen Farrell
> 
>>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Wednesday, November 18,
> 
>>> 2015 4:33 PM To: The IESG Cc:
> 
>>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org<mailto:draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf@ietf.org>;
> 
>>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org<mailto:draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf.all@ietf.org>;
> 
>>> mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; rcallon@juniper.net<mailto:rcallon@juniper.net>; mpls@ietf.org<mailto:mpls@ietf.org> Subject:
> 
>>> Stephen Farrell's No Objection on
> 
>>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf-15: (with COMMENT)
> 
>>>
> 
>>>
> 
>>>
> 
>>> Stephen Farrell has entered the following ballot position for
> 
>>>
> 
>>> draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf-15: No Objection
> 
>>>
> 
>>>
> 
>>>
> 
>>> When responding, please keep the subject line intact and reply to all
> 
>>> email addresses included in the To and CC lines. (Feel free to cut
> 
>>> this introductory paragraph, however.)
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>> Please refer to
> 
>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
> 
>>>
> 
>>> for more information about IESG DISCUSS and COMMENT positions.
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>> The document, along with other ballot positions, can be found
> 
>>> here:
> 
>>>
> 
>>> https://datatracker.ietf.org/doc/draft-ietf-mpls-lsp-ping-mpls-tp-oam
> 
>>> -
> 
>>>
> 
>>>
> 
> conf/
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>> ---------------------------------------------------------------------
> 
>>> -
> 
>>>
> 
>>>
> 
>>>
> 
> COMMENT:
> 
>>>
> 
>>> ---------------------------------------------------------------------
> 
>>> -
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>
> 
> - 2.1.1, is there any chance of moving on from the "Keyed SHA1"
> 
>>>
> 
>>> from RFC5880 to e.g. HMAC-SHA256 for this? We're generally trying to
> 
>>> get that kind of transition done as we can and moving to use of a
> 
>>> standard integrity check rather than a more home-grown one has some
> 
>>> benefits. The HMAC-SHA1-like thing you're doing is still probably ok,
> 
>>> (though could maybe do with crypto eyeballs on it as there may have
> 
>>> been relevant new results since 2010) but future-proofing would
> 
>>> suggest moving to HMAC-SHA256 if we can. (I can imagine such a change
> 
>>> might require a new document, but am asking anyway:-)
> 
>>>
> 
>>> GIM>> The fact is that we're bound by what is defined in RFC 5880.
> 
>>
> 
>> I wonder for how long though, that's now a five year old RFC.
> 
>> Assuming it takes a few years for new deployments to pick up new
> 
>> algorithms, isn't it time that a whole bunch of algorithm choices were
> 
>> revisited?
> 
>>
> 
>>> There was a proposal to strengthen BFD security BFD Generic
> 
>>> Cryptographic
> 
>>> Authentication<http://tools.ietf.org/html/draft-bhatia-bfd-crypto-aut
> 
>>> h
> 
>>>
> 
>>>
> 
> -03>
> 
>>> but the document had expired.
> 
>>
> 
>> Pity that.
> 
>>
> 
>>> - 2.1.1, I'd recommend saying any password auth-type MUST NOT be used
> 
>>> - would that be possible?
> 
>>>
> 
>>> GIM>> I think that we’ll need to make changes to RFC 5880 first
> 
>>> (5880bis?).
> 
>>
> 
>> I don't see any reason why that is true. This document can easily say
> 
>> "you MUST NOT use the horribly weak option specified in that old RFC"
> 
>> with changing that old RFC.
> 
>>
> 
>> GIM2>> Would adding the following in Section 2.2.4 BFD Authentication
> 
>> sub-TLV to AuthType explanation address your concern: Simple Password
> 
>> SHOULD NOT be used if other authentication types are available.
> 
> 
> 
> Yes, I think adding that (or similar) is a nice improvement. We may as well try discourage what we know are the weakest options.
> 
> 
> 
>>
> 
>>> Besides, there’s RFC 7487 that describes RSVP-TE extensions to
> 
>>> configure MPLS-TP OAM.
> 
>>
> 
>>
> 
>>>
> 
>>>
> 
>>>
> 
>>> - section 6 - what "established secure key-exchange protocol"
> 
>>>
> 
>>> is available to use here?
> 
>>>
> 
>>> GIM>> The document considers key exchange mechanisms being outside
> 
>>> its scope. Mechanisms used only assumed and not discussed at length
> 
>>> in the document.
> 
>>
> 
>> I did not ask if you should specify something here. I asked what
> 
>> exists that is usable? If the answer is "nothing" then the text in the
> 
>> draft would be misleading wouldn't it? GIM2>> PKI (Public Key
> 
>> Infrastructure)
> 
> 
> 
> Huh? Sure one could invent a way to use PKI to help here. But that's be a new thing.
> 
> 
> 
> So if we're agreed that that would require invention, doesn't that mean that there is no existing usable mechanism and hence that the current text is misleading?
> 
> 
> 
> I'd say just strike the misleading sentence.
> 
> 
> 
>>
> 
>>> - (this is sort of off-topic) I find an architecture like this where
> 
>>> a packet traversing a network has quite so many side-effects a bit
> 
>>> hard to grok. Do you have a pointer to something (not too
> 
>>> long:-) that explains the consequences of that?
> 
>>>
> 
>>> GIM>> The first paragraph of the Security Considerations section
> 
>>> refers to some scenarios that may suffice due to conditions
> 
>>> (overload) in the management plane. The third paragraph of the same
> 
>>> section notes need to have sufficient security mechanism for LSP Ping
> 
>>> communication.
> 
>>
> 
>> You're mis-interpreting me, I guess because my question wasn't clear.
> 
>> My question above was a simple request for some background information
> 
>> about the consequences of this architecture, and was not a direct
> 
>> criticism of or comment on this draft. (Now if it turns out there is
> 
>> no background material on the consequences of this architecture, then
> 
>> that would be very interesting.)
> 
>>
> 
>> GIM2>> I see now that I've misread the question. LSP Ping, being
> 
>> Request-Reply mechanism with elaborate status reporting, provides
> 
>> self-throttling and sufficient self-diagnostic. In the document we're
> 
>> not discussing what happens if and when Echo request with OAM
> 
>> configuration TLVs times-out because of no Echo reply received as that
> 
>> is implementation specific. At the same time, implementation
> 
>> experience suggests that all of MPLS-TP OAM configuration can be
> 
>> communicated in a single Echo request thus minimizing network impact.
> 
> 
> 
> Sure - I do get that the MPLS WG has consensus on this approach and that'd only be the case if you think it works well. What I'm not at all sure about is whether or not anyone has figured out what happens if one runs (or abuses) a network managed in such a manner. Hence my asking for a pointer to somewhere that has that kind of analysis.
> 
> But if we don't have one, we don't have one. (And again, that's not a comment on this document really, just me asking for some more background info.)
> 
> 
> 
> Cheers,
> 
> S.
> 
> 
> 
> 
> 
>>
> 
>> Cheers, S.
> 
>>
> 
>>
> 
>>>
> 
>>>
> 
>>>
> 
>>>