IETF Logo Mail Archive

[mpls] FW: [karp] RtgDir review of draft-ietf-mpls-ldp-hello-crypto-auth-02

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 19 March 2014 16:26 UTC

Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF08E1A07A1; Wed, 19 Mar 2014 09:26:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.599
X-Spam-Level:
X-Spam-Status: No, score=-4.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MANGLED_LIST=2.3, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hffs6_V08CGm; Wed, 19 Mar 2014 09:26:22 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by ietfa.amsl.com (Postfix) with ESMTP id 299F31A0754; Wed, 19 Mar 2014 09:26:21 -0700 (PDT)
Received: from us70uusmtp4.zam.alcatel-lucent.com (h135-5-2-66.lucent.com [135.5.2.66]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id s2JGQ7UR020563; Wed, 19 Mar 2014 11:26:07 -0500 (CDT)
Received: from US70UWXCHHUB02.zam.alcatel-lucent.com (us70uwxchhub02.zam.alcatel-lucent.com [135.5.2.49]) by us70uusmtp4.zam.alcatel-lucent.com (GMO) with ESMTP id s2JG6676021908 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 19 Mar 2014 12:06:06 -0400
Received: from SG70XWXCHHUB01.zap.alcatel-lucent.com (135.253.2.46) by US70UWXCHHUB02.zam.alcatel-lucent.com (135.5.2.49) with Microsoft SMTP Server (TLS) id 14.2.247.3; Wed, 19 Mar 2014 12:06:06 -0400
Received: from SG70YWXCHMBA05.zap.alcatel-lucent.com ([169.254.5.74]) by SG70XWXCHHUB01.zap.alcatel-lucent.com ([135.253.2.46]) with mapi id 14.02.0247.003; Thu, 20 Mar 2014 00:06:02 +0800
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: "david.sinicrope@gmail.com" <david.sinicrope@gmail.com>
Thread-Topic: [karp] RtgDir review of draft-ietf-mpls-ldp-hello-crypto-auth-02
Thread-Index: AQHOvHW6Vn3yQ7bMNk6chPmRg73d0prpn7xQ
Date: Wed, 19 Mar 2014 16:06:01 +0000
Message-ID: <20211F91F544D247976D84C5D778A4C32E5B4DAD@SG70YWXCHMBA05.zap.alcatel-lucent.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.253.19.17]
Content-Type: multipart/alternative; boundary="_000_20211F91F544D247976D84C5D778A4C32E5B4DADSG70YWXCHMBA05z_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/mpls/IqWx7fmfCvKQk3Q_uG_IAUInr-A
Cc: "mpls@ietf.org" <mpls@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "karp@ietf.org" <karp@ietf.org>
Subject: [mpls] FW: [karp] RtgDir review of draft-ietf-mpls-ldp-hello-crypto-auth-02
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2014 16:26:26 -0000

Hi David,

I think I have addressed most of your comments and suggestions in the updated document.

Can you please take a look at this and see if there is anything else that you  think we ought to address before it gets pushed further.


URL:            http://www.ietf.org/internet-drafts/draft-ietf-mpls-ldp-hello-crypto-auth-03.txt

Status:         https://datatracker.ietf.org/doc/draft-ietf-mpls-ldp-hello-crypto-auth/

Htmlized:       http://tools.ietf.org/html/draft-ietf-mpls-ldp-hello-crypto-auth-03

Diff:           http://www.ietf.org/rfcdiff?url2=draft-ietf-mpls-ldp-hello-crypto-auth-03

Cheers, Manav


From: karp-bounces@ietf.org [mailto:karp-bounces@ietf.org] On Behalf Of David Sinicrope
Sent: Saturday, September 28, 2013 11:25 PM
To: mpls@ietf.org; IETF.PWE3; karp@ietf.org
Subject: [karp] RtgDir review of draft-ietf-mpls-ldp-hello-crypto-auth-02

This time with a more relevant subject on the email.
Dave

Hello,

I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see
http://www.ietf.org/iesg/directorate/routing.html

Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft.
Document: draft-ietf-mpls-ldp-hello-crypto-auth-02
Reviewer: David Sinicrope
Review Date: 28 September 2013
IETF LC End Date: 23 September 2013
Intended Status: Standards Track

o Summary:
I have some major and minor concerns about this document that I think should be resolved before publication.  While I reviewed the document from the RtgDir point of view, I would strongly suggest a thorough security related review, if not already done, before progressing to publication.


In general, I believe the document should be progressed to publication once the issues are resolved by the authors.  The document assumes a working knowledge of KARP mechanisms.  This should be stated up front with relevant references.


I've attached a .pdf version of the document to this message for use by the authors.

Comments:

--- Page 4 ---

Note (yellow), Sep 27, 2013, 3:04 PM:
Nit: sec1, para 1 1st sentence : c/runs/run

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor- sec 1, para 2: start the second sentence with "Since the Hello messages are sent with UDP and not TCP..."

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor - sec 1, para 2: change "Besides a note that some  configuration may help protect against bogus discovery messages,  [RFC5036] does not really provide any security mechanism to protect  the Hello messages." To "While some configuration guidance is given in [RFC5036] to help protect against false discovery messages, it does not provide an explicit security mechanism to protect the Hello messages."

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor - global: c/Spoofing/Falsifying/

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor - sec 1, para 3: please give an example of a falsified Hello with a different transport address.

Note (yellow), Sep 27, 2013, 3:04 PM:
Nit - sec 1, para 4: remove first "that" in the fist sentence

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor - sec 1 para 4, 1st sentence and global: remove "Basic". The text is introducing a new term of "Basic Hellos" that doesn't exist in RFC 5036.  You may be referring to "Link Hellos".  See RFC 5036 sec 2.4.

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor - sec 1 para 4 & global: remove "Extended" and replace with "Targeted". The text is introducing a new term of "Extended Hellos" that doesn't exist in RFC 5036.  You may be referring to "Targeted Hellos".  See RFC 5036 sec 2.4.

Note (yellow), Sep 27, 2013, 3:04 PM:
Nit - sec 1, para 5, sentence 1: c/message/messages/


--- Page 5 ---

Note (yellow), Sep 27, 2013, 3:04 PM:
Nit - global: refer consistently to "Hello message"s vs "Hellos" and "Hello packets".

Note (yellow), Sep 27, 2013, 3:04 PM:
Major - Sec 1, para 6, last sentence: remove thisMinor - sec 1 para 4, 1st sentence and global: remove "Basic". The text is introducing a new term of "Basic Hellos" that doesn't exist in RFC 5036.  You may be referring to "Link Hellos".  See RFC 5036 sec 2.4. last sentence, it is redundant with section 3.


--- Page 6 ---

Note (yellow), Sep 27, 2013, 3:04 PM:
Minor - sec 2.1, 1st para: remove 3rd sentence.  Adds no value.

Note (yellow), Sep 28, 2013, 1:29 PM:
Major- s2.2, Auth Key ID: this field is conveying the algorithm AND the the secret key.  It should be atomic, I.e., the algorithm ID should be one field the key another.

Major - s2.2, Auth Key ID: the composition of this field is not clear to the casual reader.  Exactly how is the algorithm identified and what portion is the algorithm I'd and what part is the secret key?


--- Page 7 ---

Note (yellow), Sep 28, 2013, 1:29 PM:
Nit - s2.2, p6: remove "really" in the penultimate sentence.

Note (yellow), Sep 28, 2013, 1:29 PM:
Major - s2.2, p6: what are the "available mechanisms" that are being required? I.e., if some one was to test compliance to the requirements of this draft what would they test for this?  Without more specifics on how to meet the sequence number requirement, the strictly increasing requirement in the paragraph above is sufficient.

Note (yellow), Sep 28, 2013, 1:29 PM:
Major - s2.3, p1: it should be clearly stated that the high order 32 bits are  incremented on device boot, and low order 32 bit wrap.  "This is currently on given subtly in the previous section as "wrap/boot".

Note (yellow), Sep 28, 2013, 1:29 PM:
Nit - s2.3, p1: "If by some chance..."  Should start a new paragraph,


--- Page 8 ---

Note (yellow), Sep 28, 2013, 1:29 PM:
Major - s3, p1, sentence 1:  "... the Auth Key ID maps to the authentication algorithm and the secret key used to..."  Maps how exactly?  As noted in earlier comments it seems as those this field should be broken into two atomic fields Auth Algorithm and Auth Key.

Note (yellow), Sep 28, 2013, 1:29 PM:
Nit - s3, p4: might be easier to see requirements as a list.
"Of the above, implementations of this specification:
- MUST include support for at least HMAC-SHA-256
- SHOULD include support for HMAC-SHA-1
- MAY include support for HMAC-SHA-384 or HMAC-SHA-512 or both."

Note (yellow), Sep 28, 2013, 1:29 PM:
Nit- s3,p3:remove this paragraph/list, it is superfluous, with the paragraph below and section 2.2 last paragraph.  Further the word "includes" implies the list is not exhaustive.  i.e., I can use MD5 if I wish.

Question- s3,p3: Are other authentication hashes prohibited?  If not how are they identified and encoded?


--- Page 9 ---

Note (yellow), Sep 28, 2013, 1:29 PM:
Major- s4:  this is difficult to follow.
- the section makes reference to "the two octet LDP Cryptographic Protocol ID" this field is not previously mentioned in this document.  What is the reference to this ID? Where is it defined?

- The section makes reference to the "authentication key". Is this the same as the Authentication Key ID in section 2.2?

-"Other protocols  using cryptographic authentication as specified herein MUST similarly  append their respective Cryptographic Protocol IDs to their keys in  this step."  This document only specifies one protocol using crypto authentication, I.e., LDP What are the others being referred to?

- This text first uses the term "Cryptographic Protocol ID". What is this?  Where is it defined?  From the IANA considerations it is clearer this refers to a KARP mechanism.  Please add some explanation of how this mechanism fits into the KARP framework.

- could use more explanation or a reference to additional information on the cross protocol attack problem being addressed.

- reference to "protocols sharing common keys," what does this mean?  Please elaborate. Perhaps an example would help.


--- Page 10 ---

Note (yellow), Sep 28, 2013, 1:29 PM:
General- the RtgDir

Note - s5: I don't see any routing protocol issues with this.  It should be reviewed for security and crypto issues.


--- Page 12 ---

Note (yellow), Sep 28, 2013, 1:29 PM:
Nit - s6.1, p1, 1st sentence: add "the" after "transmitting"
Nit - s6.1, p1, last sentence: make this a list
Nit - s6.1, p2, 1st sentence: make this a separate paragraph



(report generated by GoodReader)

v2.23.0 | Report a Bug | By Email