Re: [mpls] Kathleen Moriarty's Discuss on draft-ietf-mpls-lsp-ping-reply-mode-simple-04: (with DISCUSS)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 30 September 2015 02:39 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 29 Sep 2015 22:39:13 -0400
To: Mach Chen <mach.chen@huawei.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/DIkomI8nvS54rNW6u9CRZL9o86M>
Cc: "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-mpls-lsp-ping-reply-mode-simple.shepherd@ietf.org" <draft-ietf-mpls-lsp-ping-reply-mode-simple.shepherd@ietf.org>, "draft-ietf-mpls-lsp-ping-reply-mode-simple@ietf.org" <draft-ietf-mpls-lsp-ping-reply-mode-simple@ietf.org>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "draft-ietf-mpls-lsp-ping-reply-mode-simple.ad@ietf.org" <draft-ietf-mpls-lsp-ping-reply-mode-simple.ad@ietf.org>, The IESG <iesg@ietf.org>, "rcallon@juniper.net" <rcallon@juniper.net>

Hi,

Thanks for suggesting text quickly to address this.  Inline

Sent from my iPhone

> On Sep 29, 2015, at 10:28 PM, Mach Chen <mach.chen@huawei.com> wrote:
> 
> Hi Kathleen,
> 
> Thanks for reviewing the draft and the suggestion!
> 
> Regarding the DISCUSS, how about the following update?
> 
> OLD:
> Beyond those specified in [RFC4379] and [RFC7110], there are no further security measures required.
> 
> NEW:
> Those security considerations specified in [RFC4379] and [RFC7110] apply for this document.
> In addition, this document introduces the Reply Mode Order TLV. It provides a new way for an unauthorized source to gather more network information, especially the potential return path(s) information of an LSP. To protect against unauthorized sources using MPLS echo request messages with the Reply Mode Order TLV to obtain network information, similar to [RFC4379], it is RECOMMENDED that implementations provide a means of checking the source addresses of MPLS echo request messages against an access list before accepting the message.

If the message is not encrypted, this content is still exposed potentially, right?  This helps, but also mentioning lack of confidentiality protection might be helpful too.

Thank you,
Kathleen 

> 
> 
> Best regards,
> Mach 
> 
> 
>> -----Original Message-----
>> From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com]
>> Sent: Tuesday, September 29, 2015 11:15 PM
>> To: The IESG
>> Cc: draft-ietf-mpls-lsp-ping-reply-mode-simple.shepherd@ietf.org;
>> mpls-chairs@ietf.org; draft-ietf-mpls-lsp-ping-reply-mode-simple@ietf.org;
>> draft-ietf-mpls-lsp-ping-reply-mode-simple.ad@ietf.org; rcallon@juniper.net;
>> mpls@ietf.org
>> Subject: Kathleen Moriarty's Discuss on
>> draft-ietf-mpls-lsp-ping-reply-mode-simple-04: (with DISCUSS)
>> 
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-mpls-lsp-ping-reply-mode-simple-04: Discuss
>> 
>> When responding, please keep the subject line intact and reply to all email
>> addresses included in the To and CC lines. (Feel free to cut this introductory
>> paragraph, however.)
>> 
>> 
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-mpls-lsp-ping-reply-mode-simple/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> 
>> This should be easy to resolve.  Since this draft adds a new capability to
>> include the return path, this provides another attack vector to observe path
>> information that could be part of reconnaissance gathering to later attack the
>> network or path.  While the referenced RFC4379 mentions the following in the
>> security considerations section:
>> 
>>   The third is an
>>   unauthorized source using an LSP ping to obtain information about the
>>   network.
>> 
>> The equivalent should be added for this new capability in this draft, since now
>> it's possible to gather the path information from the new feature.
>
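As an added example (not text from the draft, RFC 4379, or either author), here is a sketch of the access-list check that the proposed NEW text recommends: an MPLS echo request that carries the Reply Mode Order TLV is accepted only when its source address is on an operator-configured list. The fixed header layout follows RFC 4379; the TLV type value for the Reply Mode Order TLV is a placeholder (the draft's IANA assignment is not on this page), and the address list is constructed for the example.

```python
import ipaddress
import struct

ECHO_REQUEST = 1               # RFC 4379 Message Type: MPLS echo request
HEADER_LEN = 32                # 16 bytes of fixed fields + two 8-byte timestamps
REPLY_MODE_ORDER_TLV = 0xFFFE  # PLACEHOLDER: substitute the IANA-assigned TLV type

# Constructed access list: sources allowed to probe return paths with the
# Reply Mode Order TLV. Operators would populate this from their own policy.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("2001:db8::/32")]


def parse_tlvs(body):
    """Yield (type, value) for each RFC 4379 TLV; values are padded to 4 bytes."""
    off = 0
    while off + 4 <= len(body):
        tlv_type, length = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        yield tlv_type, value
        off += 4 + ((length + 3) & ~3)


def should_accept(src_ip, packet):
    """Apply the source access-list check before accepting an echo request
    that asks for return-path information via the Reply Mode Order TLV."""
    if len(packet) < HEADER_LEN:
        return False, "short header"
    version, _flags, msg_type = struct.unpack("!HHB", packet[:5])
    if version != 1 or msg_type != ECHO_REQUEST:
        return False, "not an echo request"
    tlv_types = [t for t, _ in parse_tlvs(packet[HEADER_LEN:])]
    if REPLY_MODE_ORDER_TLV not in tlv_types:
        return True, "no Reply Mode Order TLV"
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in ALLOWED_SOURCES):
        return True, "source permitted"
    return False, "Reply Mode Order TLV from unlisted source"


def build_request(tlvs):
    """Constructed echo request: RFC 4379 header with zeroed handle, sequence
    number and timestamps, followed by the given (type, value) TLVs."""
    hdr = struct.pack("!HHBBBBII", 1, 0, ECHO_REQUEST, 2, 0, 0, 0, 0) + b"\0" * 16
    body = b"".join(struct.pack("!HH", t, len(v)) + v + b"\0" * (-len(v) % 4)
                    for t, v in tlvs)
    return hdr + body
```

The check limits who can ask for return-path information; as the reply above notes, it does nothing for confidentiality of a message that is observed in transit unencrypted.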