[OPSAWG] Kathleen Moriarty's No Objection on draft-ietf-opsawg-capwap-alt-tunnel-08: (with COMMENT)

"Kathleen Moriarty" <Kathleen.Moriarty.ietf@gmail.com> Sun, 23 October 2016 16:57 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147724184512.16086.16613553618779081340.idtracker@ietfa.amsl.com>
Date: Sun, 23 Oct 2016 09:57:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/qP0OQObJClY9X2mKNVb8agqGqrg>
Cc: opsawg-chairs@ietf.org, draft-ietf-opsawg-capwap-alt-tunnel@ietf.org, opsawg@ietf.org
Subject: [OPSAWG] Kathleen Moriarty's No Objection on draft-ietf-opsawg-capwap-alt-tunnel-08: (with COMMENT)

Kathleen Moriarty has entered the following ballot position for
draft-ietf-opsawg-capwap-alt-tunnel-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-capwap-alt-tunnel/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm surprised to see security is optional and an assertion that RFCs
published in 2009 covers everything.  Threats have evolved since then. 
In looking at RFC5415, Section 12.1, I see:

   Within CAPWAP, DTLS is used to secure the link between the WTP and
   AC.  In addition to securing control messages, it's also a link in
   this chain of trust for establishing link layer keys.  Consequently,
   much rests on the security of DTLS.
 
    In some CAPWAP deployment scenarios, there are two channels between
   the WTP and AC: the control channel, carrying CAPWAP Control
   messages, and the data channel, over which client data packets are
   tunneled between the AC and WTP.  Typically, the control channel is
   secured by DTLS, while the data channel is not.

   The use of parallel protected and unprotected channels deserves
   special consideration, but does not create a threat.  There are two
   potential concerns: attempting to convert protected data into
   unprotected data and attempting to convert un-protected data into
   protected data.  These concerns are addressed below.

Wouldn't interception and tampering of that traffic pose a threat?  How
about gaining access to the control channel?

While I don't think this is the right draft to make changes for RFC5415,
I don't think it's adequate to say the control channel is optional for
encryption.  I could see how the data might be handled elsewhere.  The
description discusses this as talking to hundreds of thousands of access
points, isn't that access a threat?  

This draft allows for additional encapsulation methods, we could require
encryption for these new encapsulation methods.

This should probably be a discuss, so I would appreciate some discussion
on this to see if we have option here or if something will change in the
referenced RFCs soon.

Thank you.

[OPSAWG] Kathleen Moriarty's No Objection on draf… Kathleen Moriarty
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Duzongpeng
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Warren Kumari
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Kathleen Moriarty
Re: [OPSAWG] Kathleen Moriarty's No Objection on … joel jaeggli
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Duzongpeng
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Randy Bush
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Duzongpeng
Re: [OPSAWG] Kathleen Moriarty's No Objection on … Warren Kumari