IETF Logo Mail Archive

Re: [mpls] LDP Security

Eric Gray <eric.gray@ericsson.com> Wed, 08 November 2017 21:34 UTC

Return-Path: <eric.gray@ericsson.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E58C3126DEE; Wed, 8 Nov 2017 13:34:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wMmRrrYhRu-4; Wed, 8 Nov 2017 13:34:23 -0800 (PST)
Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1760126BF7; Wed, 8 Nov 2017 13:34:22 -0800 (PST)
X-AuditID: c618062d-8d7ff70000004288-f3-5a03785d200c
Received: from EUSAAHC005.ericsson.se (Unknown_Domain [147.117.188.87]) by usplmg20.ericsson.net (Symantec Mail Security) with SMTP id 6C.D4.17032.D58730A5; Wed, 8 Nov 2017 22:34:21 +0100 (CET)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC005.ericsson.se ([147.117.188.87]) with mapi id 14.03.0352.000; Wed, 8 Nov 2017 16:34:21 -0500
From: Eric Gray <eric.gray@ericsson.com>
To: Stewart Bryant <stewart.bryant@gmail.com>, "sec-ads@ietf.org" <sec-ads@ietf.org>, "<rtg-ads@ietf.org>" <rtg-ads@ietf.org>
CC: "mpls@ietf.org" <mpls@ietf.org>, "pals-chairs@tools.ietf.org" <pals-chairs@tools.ietf.org>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "pals@ietf.org" <pals@ietf.org>
Thread-Topic: [mpls] LDP Security
Thread-Index: AQHTWLbpcFjTDKhuoEWsKIVkOj1Ru6MLAD6w
Date: Wed, 08 Nov 2017 21:34:20 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64B870052@eusaamb107.ericsson.se>
References: <2da71163-cf29-cba6-df61-d75a2cfc9c43@gmail.com> <d3b28075-d8c0-c677-1f4b-6ad5ee5539ca@gmail.com> <CAA=duU2PzZLymVZk-PR9B94Pj1WMsHe+TTv51Ukef2MaSg-DbA@mail.gmail.com> <5994f353-5306-0fa8-2d2d-024ebdbb10df@gmail.com> <CAA=duU2YLjSg8Q5PDT+u9cxn9u2xsiPu-imBJrnyL3bfkQFW7A@mail.gmail.com> <7ee4fd77-7d8d-0db2-527e-9cf91d87e634@gmail.com> <CAA=duU3nJsS86udidgkH9jhB9ZD+xaRa2A4MniAVL1BpGE78ZQ@mail.gmail.com> <cf0cb5a4-cc21-97e1-1c26-38974bf9c0be@pi.nu> <51b9e5b4-0a44-1449-a4df-91e4f9df5d6b@pi.nu> <CAA=duU2R9kBMWnRdwPPO49LF1Jc1tyrxvwkyTgaE6SC6jsVruw@mail.gmail.com> <02a50f02-779e-bc39-505c-5a51d066b3f0@pi.nu> <CAA=duU1qV-LiU5pR7VtLLVGtb-8nZHrnUqVyOKpST3-6Dr-Xgw@mail.gmail.com> <ce2c75b6-156d-da80-91d7-b7e6ba2059a0@gmail.com> <CAA=duU1xvV0genbR0CBx2rmpOWUkFmRJX3qrMEp21gTd1HOVww@mail.gmail.com> <f0d553da-0ac4-e794-5cd5-d9cc95063dc6@pi.nu> <15335748-e900-280d-554f-24c55c0f3ba5@gmail.com>
In-Reply-To: <15335748-e900-280d-554f-24c55c0f3ba5@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.10]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeLIzCtJLcpLzFFi42KZXLonXDe2gjnKYOoNc4t1l0+xWdxaupLV 4vmVBYwWa/6tY7I4OecHs8X66V9YLE49SHRg99g56y67x5IlP5k8vlz+zBbAHMVlk5Kak1mW WqRvl8CVcehBE2vBDv2K3b/+sjQwztHrYuTkkBAwkZh4/yJbFyMXh5DAEUaJrr/72CGcZYwS L9reMIFUsQloSBy7s5YRxBYRqJdYv+wOM0gRs8AmRokvPZOAHA4OYQEFiWv/pCBqFCXuXpnJ BmEbSaxv2cMOYrMIqEhs3NIFNodXwFdi77LvUJsXsktMfj8LbBmngK3Ekld3WEBsRgExie+n 1oDFmQXEJW49mc8EcbaAxJI955khbFGJl4//sULYShKTlp5jBbmHWUBTYv0ufYhWRYkp3Q/Z IfYKSpyc+YRlAqPoLCRTZyF0zELSMQtJxwJGllWMHKXFBTm56UYGmxiBcXRMgk13B+P96Z6H GAU4GJV4eCekM0cJsSaWFVfmHmKU4GBWEuG1zgQK8aYkVlalFuXHF5XmpBYfYpTmYFES551w /kKEkEB6YklqdmpqQWoRTJaJg1OqgVFRLfHEyZCXe9und6+vDDNbma23xyHJwOTIlfDIIxtY WlzdZ/lXyd5N6tB88HKxnb3RSYEEppc/Gks4el1jngvraRo8nfu8S+Gxic5y7yc/e1u5goJc uneurv1fOFfDSt/i344jrosby7e1xtxPMexT89pd2OTpPPmuyd+nBduCvt8JulcyV4mlOCPR UIu5qDgRAMj5JB2fAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/rnAvjbhTfesevGvITTU0QKJDaUA>
Subject: Re: [mpls] LDP Security
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 21:34:25 -0000

Stewart,

	LDP uses the same security measures that were available in BGP implementations at the time of LDP specification, for reasons that were pretty obvious to anyone who implemented LDP based on BGP.

	I can think of no reason why any more complicated approach might be required than you have suggested, based on the evolution of BGP.

--
Eric

-----Original Message-----
From: mpls [mailto:mpls-bounces@ietf.org] On Behalf Of Stewart Bryant
Sent: Wednesday, November 08, 2017 12:28 PM
To: sec-ads@ietf.org; <rtg-ads@ietf.org> <rtg-ads@ietf.org>
Cc: mpls@ietf.org; pals-chairs@tools.ietf.org; mpls-chairs@ietf.org; pals@ietf.org
Subject: [mpls] LDP Security

To the SEC and RTG ADs,

I am sending the following message on behalf of the MPLS and the PALS WG Chairs.

There is a concern shared among the security community and the working groups that develop the LDP protocol that LDP is no longer adequately secured. LDP currently relies on MD5 for cryptographic security of its messages, but MD5 is a hash function that is no longer considered to meet current security requirements.

In RFC5036 (published 2007) Section 5.1 (Spoofing) , List element 2. 
Session communication carried by TCP the following statements is made:

"LDP specifies use of the TCP MD5 Signature Option to provide for the authenticity and integrity of session messages.

"[RFC2385] asserts that MD5 authentication is now considered by some to be too weak for this application.  It also points out that a similar TCP option with a stronger hashing algorithm (it cites SHA-1 as an example) could be deployed.  To our knowledge, no such TCP option has been defined and deployed.  However, we note that LDP can use whatever TCP message digest techniques are available, and when one stronger than MD5 is specified and implemented, upgrading LDP to use it would be relatively straightforward."

We note that BGP has already been through this process, and replaced MD5 with TCP-AO in RFC 7454. I would be logical to follow the same approach to secure LDP. However, as far as we are able to ascertain, there is currently no recommended, mandatory to implement, cryptographic function specified. We are concerned that without such a mandatory function, implementations will simply fall back to MD5 and we will be no further forward

We think that the best way forward is to publish a draft similar to RFC
7454 that contains the following requirement:

"Implementations conforming to this RFC MUST implement TCP-AO to secure the TCP sessions carrying LDP in addition to the currently required TCP
MD5 Signature Option. Furthermore, the TBD cryptographic mechanism must be implemented and provided to TCP-AO to secure LDP messages. The TBD mechanism is the preferred option, and MD5 is only to be used when TBD is unavailable."

We are not an experts on this part of the stack, but it seems that TCP security negotiation is still work in progress. If we are wrong, then we need to include a requirement that such negotiation is also required. In the absence of a negotiation protocol, however, we need to leave this as a configuration process until such time as the negotiation protocol work is complete. On completion of a suitable negotiation protocol we need to issue a further update requiring its use.

Additionally we should note that no cryptographic mechanism has an indefinite lifetime, and that implementation should note the IETF anticipates updating the default cryptographic mechanism over time.

The TBD default security function will need to be chosen such that it can reasonably be implemented on a typical router route processor, and which will provide adequate security without significantly degrading the convergence time of an LSR. Without a function that does not significantly impact router convergence we simply close one vulnerability and open another.

As experts on the LDP protocol, but not on security mechanisms, we  need to ask the security area for a review of our proposed approach, and help correcting any misunderstanding of the security issues or our misunderstanding of the existing security mechanisms. We also need the recommendations of a suitable security function (TBD in the above text).

Best regards

The MPLS WG Chairs
The PALS WG Chairs


_______________________________________________
mpls mailing list
mpls@ietf.org
https://www.ietf.org/mailman/listinfo/mpls

v2.23.0 | Report a Bug | By Email