Re: [mpls] [secdir] Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05

Benjamin Kaduk <kaduk@mit.edu> Sat, 26 January 2019 21:17 UTC

Date: Sat, 26 Jan 2019 15:17:29 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Mach Chen <mach.chen@huawei.com>
CC: Linda Dunbar <linda.dunbar@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org" <draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Message-ID: <20190126211729.GJ49072@kduck.mit.edu>
References: <154455986336.13151.8483284555885294015@ietfa.amsl.com> <F73A3CB31E8BE34FA1BBE3C8F0CB2AE2927B2883@dggeml510-mbx.china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <F73A3CB31E8BE34FA1BBE3C8F0CB2AE2927B2883@dggeml510-mbx.china.huawei.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/k_pzE6zdckRtghJDXaJ83UwwJAQ>

On Fri, Dec 14, 2018 at 02:11:21AM +0000, Mach Chen wrote:
> Hi Linda,
> 
> Thanks for the review!
> 
> Some responses inline...
> 
> > -----Original Message-----
> > From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Linda Dunbar
> > Sent: Wednesday, December 12, 2018 4:24 AM
> > To: secdir@ietf.org
> > Cc: mpls@ietf.org; draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org;
> > ietf@ietf.org
> > Subject: Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05
> > 
> > Reviewer: Linda Dunbar
> > Review result: Ready
> > 
> > I have reviewed this document as part of the security directorate's ongoing
> > effort to review all IETF documents being processed by the IESG.  These
> > comments were written primarily for the benefit of the security area
> > directors.  Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> > 
> > The summary of the review is Ready with comment
> > 
> > The described mechanism for LSP Multipath Ping is very clear. The Security
> > Consideration re-uses the description of RFC8029, which is very
> > comprehensive.
> > It would be better if the draft describes how to prevent intermediate LSRs in
> > between the Initiating LSR and Responding LSR from mis-using the detailed
> > link information (e.g. forwarding to somewhere else).
> 
> The Echo Request and Reply messages are directly exchanged between the Initiating LSR and the Responding LSR; those intermediate LSRs just forward the messages as normal packets, and they will not see the detailed link information unless they inspect and do DPI on every packet forwarded by them.
> 
> The detailed link information is supplied to the Initiating LSR for its use; the intermediate LSRs will not try to use it even if they receive the information, because there is no corresponding Echo Request to the received Echo Reply.

The intermediate LSRs still will have access to the plaintext information,
even if in normal operation they do not need to act upon that information.
Generally in this sort of situation we will either explicitly state that
the intermediate nodes must be trusted to not abuse the information in
question, or provide some mechanism for end-to-end confidentiality
protection.

Also (noting that I only skimmed the document so this may not make sense),
the security considerations seem to suggest using an IP ACL for determining
which messages are trusted; IP ACLs are generally not recommended in favor
of cryptographic mechanisms at this point.

-Benjamin
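The contrast between an IP ACL and a cryptographic check that the reply above draws can be made concrete with a small simulation. This is an added example, not code from the draft, RFC 8029 or the thread participants; the message layout, the allowlist, the shared key and the idea of carrying an HMAC tag in a TLV are all constructed for illustration. It shows only the authentication half of the point (an ACL keys on a source address that any sender can claim, an HMAC keys on a secret the sender must hold); it says nothing about confidentiality from intermediate LSRs.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class EchoMsg:
    """Constructed, simplified LSP-ping message for the demonstration."""
    src_ip: str          # claimed IP source of the UDP packet; chosen by the sender
    msg_type: int        # 1 = Echo Request, 2 = Echo Reply (RFC 8029 numbering)
    sender_handle: int
    seq: int
    payload: bytes       # TLVs, treated as opaque here
    tag: bytes = b""     # hypothetical authentication TLV carrying an HMAC


TRUSTED_LSRS = {"192.0.2.1"}  # constructed ACL: the only Responding LSR we expect


def signed_region(m: EchoMsg) -> bytes:
    # Everything the receiver acts on must be under the MAC, not the IP header.
    return struct.pack("!BII", m.msg_type, m.sender_handle, m.seq) + m.payload


def accept_by_acl(m: EchoMsg) -> bool:
    # Decision rests solely on an unauthenticated, sender-chosen field.
    return m.src_ip in TRUSTED_LSRS


def sign(m: EchoMsg, key: bytes) -> EchoMsg:
    tag = hmac.new(key, signed_region(m), hashlib.sha256).digest()
    return EchoMsg(m.src_ip, m.msg_type, m.sender_handle, m.seq, m.payload, tag)


def accept_by_mac(m: EchoMsg, key: bytes) -> bool:
    expected = hmac.new(key, signed_region(m), hashlib.sha256).digest()
    # Constant-time comparison; an empty or wrong-length tag simply fails.
    return hmac.compare_digest(expected, m.tag)


def demo() -> dict:
    key = b"constructed-shared-key"  # would be provisioned per peer in practice
    genuine = sign(EchoMsg("192.0.2.1", 2, 0x1234, 7, b"\x00\x01 link info"), key)
    # A reply that merely claims the trusted address and carries no valid tag.
    forged = EchoMsg("192.0.2.1", 2, 0x1234, 7, b"attacker-chosen link info")
    # A genuine reply whose payload was altered in transit; the old tag is kept.
    altered = EchoMsg(genuine.src_ip, 2, 0x1234, 7, b"modified", genuine.tag)
    return {
        "acl_genuine": accept_by_acl(genuine), "acl_forged": accept_by_acl(forged),
        "mac_genuine": accept_by_mac(genuine, key),
        "mac_forged": accept_by_mac(forged, key),
        "mac_altered": accept_by_mac(altered, key),
    }
```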