Re: [mpls] AD review of draft-ietf-mpls-ldp-hello-crypto-auth
"Adrian Farrel" <adrian@olddog.co.uk> Thu, 17 April 2014 13:09 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA7A11A0150 for <mpls@ietfa.amsl.com>; Thu, 17 Apr 2014 06:09:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.001
X-Spam-Level:
X-Spam-Status: No, score=-100.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3OmP0mHaFROX for <mpls@ietfa.amsl.com>; Thu, 17 Apr 2014 06:09:35 -0700 (PDT)
Received: from asmtp3.iomartmail.com (asmtp3.iomartmail.com [62.128.201.159]) by ietfa.amsl.com (Postfix) with ESMTP id 1E4D21A0144 for <mpls@ietf.org>; Thu, 17 Apr 2014 06:09:34 -0700 (PDT)
Received: from asmtp3.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id s3HD9SqV004272; Thu, 17 Apr 2014 14:09:30 +0100
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id s3HD9P1I004258 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 17 Apr 2014 14:09:26 +0100
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Loa Andersson' <loa@pi.nu>, draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org
References: <002301cf5743$b1a74af0$14f5e0d0$@olddog.co.uk> <534FB734.2020005@pi.nu>
In-Reply-To: <534FB734.2020005@pi.nu>
Date: Thu, 17 Apr 2014 14:09:25 +0100
Message-ID: <03d801cf5a3e$4327fcc0$c977f640$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGwZu0InfoAc9cYjGAjs7sJWmJQfAHiEHL1m0SW27A=
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-7.5.0.1017-20638.002
X-TM-AS-Result: No--25.990-10.0-31-10
X-imss-scan-details: No--25.990-10.0-31-10
X-TMASE-MatchedRID: dL10VBB8yofdFc7KmVSFInBRIrj8R47FhK6MUk5fDP27+NPPxj+R6q0R omhWPJaQ/36awnwEWWtQ8Bt3H6q/bOLEx8K5SmHZDRBjlWdDIA1PIpLM1lKFW7ELn336s0giika 0Ka6FTusSfRocOFS0In3+sfWGTE7hMH15eekLeUiEJ5wBUYI5/UDwj88nLgRTfKNVzc7XpNqdAR h7bKcmDWNw+CBvj5ATS68xji9Qa4RlZa1Ry9qdoFPjo7D4SFg4QG66tTRoP+drMbakJN8OefWnL 2FmW8ATAgfqSVHxppENJdWbfnv8KoxOAnnhEoAzHLEq6GCOQFaK6IJmwLQESLvsTEW9zEoTtPh3 CmINV9Ok1WcEVWC5ZhM1yubxgLEE1xQ2OgXti5VHFWsq1vzd1BmyTBaqiJvcf7FDYGpyXq1Vrl4 dPkDCJj74qz4vOyGQTTus4Pg7jbn5V22kT3/19k9GwoJMN6MPju+GX08gELBBDVeC8J7uwbBCWJ YFsTZpjfgUYGMwHqCFzkxNEN20m9e3wqXmlnx9Q1OcCEvT+bchauGyjTkf9ThjAM9APH53o8WMk QWv6iV95l0nVeyiuEIhOWyY9/MAC24oEZ6SpSk+Mqg+CyrtwA==
Archived-At: http://mailarchive.ietf.org/arch/msg/mpls/bB-NE8a6eIq5VFUqJ-NqR8iuEjc
Cc: mpls@ietf.org
Subject: Re: [mpls] AD review of draft-ietf-mpls-ldp-hello-crypto-auth
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 13:09:40 -0000
Hello, I don't think that is the history at all! This document started as draft-zheng-mpls-ldp-hello-crypto-auth in October 2010. Before that the issue with the Hello was discussed and batted around for a while. There is a risk with the Hello and it needs a solution. No issue with that, and I support this draft. RFC 6952 comes from draft-ietf-karp-routing-tcp-analysis-00.txt that was adopted by KARP in June 2011. That derives from draft-mahesh-bgp-ldp-msdp-analysis first posted in February 2011 (note that the discussion of LDP Hellos didn't make it into this document until -01 in May 2011). But who cares? RFC 6952 does not describe the attacks or their mitigations. It just notes that spoofing a Hello can have some bad effects. As a deployer, I need help to explain when I need to insist on having this feature implemented by my supplier (BTW, it looks like none of the suppliers is implementing it) and when I need to enable it. It seems to me that this feature is needed to protect against attacks (which 6952 claims have been seen in the wild), but that those attacks only arise in specific situations. Since the security mechanisms defined in this document are pretty heavy-weight (compare with simple text passwords so loved for IGP security :-) it would be great to get some help on this topic. Are all networks always exposed (if so it looks like a must-have feature)? Are the risks only significant for targeted LDP? Is the network safe if it applies access controls at the edges and assumes no subversion of routers? Does applying an access list at the LDP speakers provide protection against everything except address spoofing? Cheers, Adrian > -----Original Message----- > From: Loa Andersson [mailto:loa@pi.nu] > Sent: 17 April 2014 12:13 > To: adrian@olddog.co.uk; draft-ietf-mpls-ldp-hello-crypto-auth.all@tools.ietf.org > Cc: mpls@ietf.org > Subject: Re: AD review of draft-ietf-mpls-ldp-hello-crypto-auth > > Adrian, > > Given my limited understanding of the security mechanisms, I > nevertheless have one question I need to ask. > > You say: > > On 2014-04-13 20:10, Adrian Farrel wrote: > > It would help if the document was a > > little clearer about which attacks it is defending against and why normal > > protection at the edge of the network is not considered enough for the former, > > and why a bad actor within the network would waste its time attacking LDP > when > > there is so much else it can do! > > My understanding is that this document was written as a response to the > risk analysis in RFC 6952. If I remember correctly you had a number of > questions, but also said that you had no objections after having these > question answered. > > Since RFC 6952 says we have a security hole that we need to close, you > said that you approve of that, we tried to fill the hole; how should I > understand the comment above? Do you just want another reference to > RFC 6952? > > /Loa
- [mpls] AD review of draft-ietf-mpls-ldp-hello-cry… Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-ldp-hello… Loa Andersson
- Re: [mpls] AD review of draft-ietf-mpls-ldp-hello… Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-ldp-hello… Loa Andersson
- Re: [mpls] AD review of draft-ietf-mpls-ldp-hello… Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-ldp-hello… Vero Zheng
- Re: [mpls] AD review of draft-ietf-mpls-ldp-hello… Adrian Farrel