Re: [mpls] would the WG like to adopt draft-farrelll-mpls-opportunistic-encrypt?
Loa Andersson <loa@pi.nu> Thu, 23 April 2015 13:16 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "mpls@ietf.org" <mpls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/g46WdRBLy5_aILfEZr01wUQLlCo>
Stephen,

On 2015-04-23 11:48, Stephen Farrell wrote:
>
> Hiya,
>
> On 23/04/15 10:40, Loa Andersson wrote:
>> Working Group,
>>
>> <chair hat off>
>>
>> I've read the draft (a while ago) and I think this document is within
>> the wg charter and should be progressed by the mpls wg.
>>
>> <chair hat on>
>>
>> If I hear nothing to the contrary I will start the process with
>> mpls-rt review, IPR poll and wg adoption poll first week of May.
>
> Thanks Loa. I'm not entirely familiar with the mpls-rt review but
> one issue on which I think some detailed requirements-level guidance
> would be useful for me is on whether this ought stick with "classic"
> integer DH or move to a more modern DH approach based on curve 25519.
> If you have reviewers who are familiar with the issues there and
> with MPLS performance and implementation requirements that'd be good.
> If not, I'm happy to try explain the pros and cons from the security
> and crypto POV, either to the reviewers or the list. And that can be
> done post-adoption on the list if that's better too, but it'd be a
> good thing to bottom out early-ish in the WG process.

The MPLS-RT review is there to give advice to the working group chairs
whether the document is ready to be adopted as a wg doc (if it addresses
a real problem, if it is likely to be deployed in real networks, etc.)

Once I start the MPLS-RT review I'll look to see if I can find a
reviewer that can look at the DH issues also.

/Loa
>
>> There have been some comments, but I think those are addressed. Please
>> read and comment on the draft.
>
> Yes, I think we've addressed the substantive comments we've so
> far seen.
>
> Cheers,
> S.
>
>>
>> /Loa
>>
>>
>>
>> On 2015-04-17 14:10, Stephen Farrell wrote:
>>>
>>> Hiya,
>>>
>>> Adrian and I wrote up [1]. How'd the WG feel about adopting
>>> that? If you did, I'd be willing to continue editing if you
>>> wanted. So consider this as a request that the WG take on
>>> this work.
>>>
>>> In case it helps, the current abstract is:
>>>
>>> "
>>> This document describes a way to apply opportunistic security
>>> between adjacent nodes on an MPLS Label Switched Path (LSP) or
>>> between end points of an LSP. It explains how keys may be agreed
>>> to enable encryption, and how key identifiers are exchanged in
>>> encrypted MPLS packets. Finally, this document describes the
>>> applicability of this approach to opportunistic security in MPLS
>>> networks with an indication of the level of improved security as
>>> well as the continued vulnerabilities.
>>>
>>> This document does not describe security for MPLS control plane
>>> protocols.
>>> "
>>>
>>> Cheers,
>>> S.
>>>
>>> [1] https://tools.ietf.org/html/draft-farrelll-mpls-opportunistic-encrypt
>>>
>>> _______________________________________________
>>> mpls mailing list
>>> mpls@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mpls
>>>
>>

--

Loa Andersson                        email: loa@mail01.huawei.com
Senior MPLS Expert                          loa@pi.nu
Huawei Technologies (consultant)     phone: +46 739 81 21 64