Re: [mpls] Poll to see if we have consensus to adopt draft-farrelll-mpls-opportunistic-encrypt as an MPLS wg document
"Adrian Farrel" <adrian@olddog.co.uk> Tue, 30 June 2015 11:24 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39F141A8937 for <mpls@ietfa.amsl.com>; Tue, 30 Jun 2015 04:24:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aXBZJWSQCTE6 for <mpls@ietfa.amsl.com>; Tue, 30 Jun 2015 04:24:14 -0700 (PDT)
Received: from asmtp3.iomartmail.com (asmtp3.iomartmail.com [62.128.201.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B46D1A8938 for <mpls@ietf.org>; Tue, 30 Jun 2015 04:24:14 -0700 (PDT)
Received: from asmtp3.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id t5UBOA25029955; Tue, 30 Jun 2015 12:24:10 +0100
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id t5UBO4tH029859 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Tue, 30 Jun 2015 12:24:05 +0100
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Eric C Rosen' <erosen@juniper.net>, 'Loa Andersson' <loa@pi.nu>, mpls@ietf.org, draft-farrelll-mpls-opportunistic-encrypt@tools.ietf.org
References: <55828B69.3070603@pi.nu> <55880C91.507@juniper.net> <559129C8.7000407@cs.tcd.ie> <559196F1.90006@juniper.net> <5591BE65.3080409@cs.tcd.ie>
In-Reply-To: <5591BE65.3080409@cs.tcd.ie>
Date: Tue, 30 Jun 2015 12:24:05 +0100
Message-ID: <023c01d0b327$47d32220$d7796660$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHHACr1+2ICfBQdc0NgaVM1/KoHIwIWNNVBAUD0iZsC4JKWdwLGGEAmnZBZuiA=
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-8.0.0.1202-21644.007
X-TM-AS-Result: No--29.008-10.0-31-10
X-imss-scan-details: No--29.008-10.0-31-10
X-TMASE-MatchedRID: yebcs53SkkC2uGZ0VrPO/SuRmcDMF+7vQKuv8uQBDjqsVbcspinhtMos UMRQ+zgHMqVXuI2s8JR8SCKVahhnrHZG18Dndc8kiZXXNvjmJ4bTBg/CbgV2T2+ZWOOitWyG7GB XgZpGLly+k9BM8ryUGqy2pVyk9LkXExh28GN3X3CM29hkek7Xd0yQ5fRSh265azG2pCTfDnnacD 3TabIC9cjZ/enMd1aIcbZgywH/8PkPzU1mCJZ0ldxajlW+zwxCW3Tqgx/NSkoGDX36N3U6oDQHj bP3CK3i+fTKfA77gD8rXZyK2gPadOjIkJlXT6YIl1zsjZ1/6azfbGyvRdIaSJw2+H6QUcatLIfq FWonpxDa5HpFN+Z3QaDFOl5W85jVQgUInkqQBs9VnniKh7YTC7d2noO4P7rALraGNlLRahjdQMH eL4qWiMU4r/BUsiFypk9AqQhmLnJCzHFhiypoVppWgCLYjjT9pPZLm8rbDqJXPwnnY5XL5BQSe7 Rd1aWbijIBzxIiQEheHw0Rrqsj5nLtSNUx6pQPnqTqO1KiJfnWSrKtwxqWpWS55JpH7/qdp0Uok rgh9kbjyJLUm54Uap7543jt6CpqKJOd7SLvnk7BVprK8rvWXzlIA4KS6pW3ywhZJGMjnl7XHGWS OMgQvkyRraHfqQCMglsXBTsBGkfbdVhh2FZARHuTVkeYosXtsojbmc4EOLyTMTaQzhvoeoZ3cC7 i7tjlXFgg2EUQPmmIt42whEbyra+auQo1ONHxEu5bhrerZYaVq+okl1rYD6xp9wUsWVTUzeWex9 opxkmkdnvnn+cvR7iRreC5Dl7eZOvBkpRSmBaeAiCmPx4NwFkMvWAuahr8+gD2vYtOFhgqtq5d3 cxkNQP90fJP9eHt
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/bT3Bd79szGQ7cucdkMX-6pewvwk>
Cc: mpls-chairs@tools.ietf.org
Subject: Re: [mpls] Poll to see if we have consensus to adopt draft-farrelll-mpls-opportunistic-encrypt as an MPLS wg document
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 11:24:17 -0000
I think there are two things going on in one conversation. There is multi-party key exchange that one might need for P2MP or MP2P so that all senders/receivers on a multi(>2)-party LSP have the sam key. And there is multi-LSP keying where all LSPs (or a subset of all LSPs?) between a pair of LSRs use the same key. The former would be ugly especially in an opportunistic world. That limits the applicability of MPLS-OS to P2P LSPs. Eric is right that this cuts out "routed MPLS" so that the classic LDP application would be unable to use MPLS-OS. (Although, there may be scope to identify the sender or the MPLS-OS SA per packet as is done for OAM - the question is whether it can be handled at line rate for a large number of senders.) So this degrades to determining whether MPLS-OS would be useful if limited to TE LSPs (RSVP-TE and static provisioning) and PWs (T-LDP and static provisioning). The second issue is a trade... - maintain security state per LSP versus - maintain a nonce across LSPs - handle "all or nothing" for LSPs between a pair of LSRs My feeling from various conversations over the last 18 months is that the desired applicability is for virtual links that span multiple hops in an MPLS network (which maps to TE LSPs and PWs quite well), and that OS would be enabled in a somewhat ad hoc manner on key LSPs but not all of them. I think that at this point we need operators to speak. Even though we are still looking at this as an experiment and a feasibility study, it would help a lot to know where and how this might get used. And that last point cuts a little into "a solution in search of a problem". We know, in general that there is a problem with wholesale tapping of data in tier 1 networks: and we know that organised crime is in this business. We also know that individual users should but do not protect their own transactions, and would find it hard to protect their metadata. So there is a problem that needs attention. Is this the single solution that will fix it? No. Could it be a tool to help? That is what we would like to find out. Is a WG Experimental I-D something vendors should feel pressure to implement? No, absolutely not especially if the operators on this list are not joining in the discussion. Thanks, Adrian > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > Sent: 29 June 2015 22:54 > To: Eric C Rosen; Loa Andersson; mpls@ietf.org; draft-farrelll-mpls-opportunistic- > encrypt@tools.ietf.org > Cc: mpls-chairs@tools.ietf.org > Subject: Re: [mpls] Poll to see if we have consensus to adopt draft-farrelll-mpls- > opportunistic-encrypt as an MPLS wg document > > > > On 29/06/15 20:05, Eric C Rosen wrote: > > On 6/29/2015 7:19 AM, Stephen Farrell wrote: > >> What we're doing here I think is documenting a security > >> mechanism for this layer for use in cases when this layer turns out > >> to be what someone wants to use. > > > > That sounds like a solution in search of a problem. > > I guess it could if one wants to be argumentative but I'm > interested that other folks here who know far more about mpls > than I think this ought be adopted, so presumably others > disagree with your evaluation. > > I would repeat though, that even if one wants some additional > more complex functionality later starting now with a simpler > specification on which one can build is IMO a far better and > much more practical approach when considering key management. > > That said, I'm just a plumber here, and it's really for others > to say that they'd find this useful I think. > > > > > My point is that between the applicability restrictions (no MP2P) and > > the excessive granularity (security state per label), > > I'm not clear how one could avoid some state per LSP (is that > the same as per-label?) without getting into multiparty key > management, which is a technology with very little deployment > no matter the layer at which it is defined. > > > it's hard to see > > that this is a reasonable approach. Even if you brought it to PALS and > > renamed it to be "pseudowire security", the need to have security state > > per pseudowire seems like a problem. > > > >>> The draft would really benefit from having some worked out examples of > >>> how MPLS security would work in various VPN deployment scenarios, > > > >> Again, I think that the above would be done building on top of this > >> scheme, but not as part of this scheme. But I admit that I don't myself > >> understand those deployment scenarios enough to be certain of that. > > > > First design the hammer, then figure out later whether we need to pound > > any nails? > > Isn't that purely pejorative? I don't see how that's helpful. > > > > > I'd have thought that before the WG adopts the draft, there should be > > some clue as to how the proposed MPLS security mechanism would be > > applied to most of the uses of MPLS. When asked about how it might work > > in various common deployment scenarios, I don't think it's appropriate > > to say "first we need to design the mechanisms, later on we'll figure > > out how to use them to actually solve problems". > > Again, we're positing a two party key exchange here. If the WG don't > think that's useful that's fine. But (to up my rhetoric in response > to yours:-) asking to boil the multiparty key exchange ocean before > doing anything would be a fine recipe for doing nothing at all. > > > > >> Why would layer 2 [security] be simpler? If you mean because it > >> already exists > >> and can be used that's fine, but I'd be interested if there were some > >> way in which MACsec were substantively simpler. > > > > No impact to MPLS, fixed and unchanging granularity (per-link rather > > than per-LSP), reduced state (no constantly changing nonce per label, no > > key per label) simplified data flow (security processing cleanly > > separated from network layer processing), not to mention simplified key > > distribution. I'm having trouble seeing what hop-by-hop MPLS security > > adds except more complexity. > > I disagree that that makes layer 2 security much simpler. It means > the complexity is hidden from the layer above, which is a benefit if > you don't need to see it, but most of the complexity is there just > as much even if hidden. Bear in mind that we are not saying that > there's anything wrong with layer 2 security here, but claiming > that it's that much simpler isn't convincing. > > Cheers, > S. > > > > > > > > > > > > > > > > > > > >
- [mpls] Poll to see if we have consensus to adopt … Loa Andersson
- Re: [mpls] Poll to see if we have consensus to ad… Alexander Vainshtein
- Re: [mpls] Poll to see if we have consensus to ad… Adrian Farrel
- Re: [mpls] Poll to see if we have consensus to ad… Andrew G. Malis
- Re: [mpls] Poll to see if we have consensus to ad… Stephen Farrell
- Re: [mpls] Poll to see if we have consensus to ad… Gregory Mirsky
- Re: [mpls] Poll to see if we have consensus to ad… Eric C Rosen
- Re: [mpls] Poll to see if we have consensus to ad… Stephen Farrell
- Re: [mpls] Poll to see if we have consensus to ad… Eric C Rosen
- Re: [mpls] Poll to see if we have consensus to ad… Stephen Farrell
- Re: [mpls] Poll to see if we have consensus to ad… Adrian Farrel
- Re: [mpls] Poll to see if we have consensus to ad… Eric C Rosen
- Re: [mpls] Poll to see if we have consensus to ad… Stephen Farrell
- Re: [mpls] Poll to see if we have consensus to ad… Loa Andersson