Re: [OSPF] Stephen Farrell's No Objection on draft-ietf-ospf-te-metric-extensions-09: (with COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 05 January 2015 15:05 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87F271A8A3B; Mon, 5 Jan 2015 07:05:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dzpB2Eky2AxT; Mon, 5 Jan 2015 07:05:08 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D7601A8A3D; Mon, 5 Jan 2015 07:05:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 34920BEBC; Mon, 5 Jan 2015 15:05:05 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mWfybWc_kiFQ; Mon, 5 Jan 2015 15:05:05 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EE5E5BEB1; Mon, 5 Jan 2015 15:05:04 +0000 (GMT)
Message-ID: <54AAA820.5040000@cs.tcd.ie>
Date: Mon, 05 Jan 2015 15:05:04 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: John E Drake <jdrake@juniper.net>, "Acee Lindem (acee)" <acee@cisco.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'The IESG' <iesg@ietf.org>
References: <20150104020718.29256.7059.idtracker@ietfa.amsl.com> <00d301d02802$60ed8990$22c89cb0$@olddog.co.uk> <D0D008E5.B001%acee@cisco.com> <BLUPR05MB5622DD9BB73D19F1C1268E0C7580@BLUPR05MB562.namprd05.prod.outlook.com>
In-Reply-To: <BLUPR05MB5622DD9BB73D19F1C1268E0C7580@BLUPR05MB562.namprd05.prod.outlook.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ospf/B-IsjqH1Xemsuk0rwS_wIdh8Ams
Cc: "ospf@ietf.org" <ospf@ietf.org>, "ospf-chairs@tools.ietf.org" <ospf-chairs@tools.ietf.org>, "draft-ietf-ospf-te-metric-extensions.all@tools.ietf.org" <draft-ietf-ospf-te-metric-extensions.all@tools.ietf.org>
Subject: Re: [OSPF] Stephen Farrell's No Objection on draft-ietf-ospf-te-metric-extensions-09: (with COMMENT)
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jan 2015 15:05:13 -0000

Thanks all and sorry for being nitty:-)

S

On 05/01/15 15:00, John E Drake wrote:
> Acee,
> 
> I will take care of Stephen's nits and add the references you mention
> to the Security Considerations.
> 
> Yours Irrespectively,
> 
> John
> 
>> -----Original Message----- From: OSPF
>> [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem (acee) 
>> Sent: Monday, January 05, 2015 9:51 AM To: adrian@olddog.co.uk;
>> 'Stephen Farrell'; 'The IESG' Cc: ospf@ietf.org;
>> ospf-chairs@tools.ietf.org; draft-ietf-ospf-te-metric- 
>> extensions.all@tools.ietf.org Subject: Re: [OSPF] Stephen Farrell's
>> No Objection on draft-ietf-ospf-te- metric-extensions-09: (with
>> COMMENT)
>> 
>> Hi Stephen, Adrian,
>> 
>> On 1/4/15, 4:39 AM, "Adrian Farrel" <adrian@olddog.co.uk>; wrote:
>> 
>>> Hi Stephen,
>>> 
>>> I'd like the authors and shepherd to pitch in, but...
>>> 
>>>> - I'd have thought that these TLVs would be sent more often
>>>> than others, and that (if enormous amounts of money are in
>>>> play) then use of OSPF authentication might be more likely
>>>> needed (or some equivalent security mechanisms). I'd even
>>>> speculate that if enormous amounts of money are in play, then
>>>> confidentiality may become a requirement (since if I can
>>>> observe say A bit settings then that might give me insight into
>>>> traffic levels - sort of a lights burning at night in central
>>>> bank implies interest-rate change attack). Can you say why none
>>>> of that needs to be mentioned at all? Was any of that
>>>> considered by the WG? (Can you send a relevant link to the 
>>>> archive?)
>>> 
>>> I think you are raising two points: 1. Are the TLVs sent more
>>> often than others and what are the implications? 2. What can be
>>> learned from sniffing these TLVs?
>>> 
>>> To the first point, I don't think they are sent more often than
>>> other TE TLVs. Indeed metrics for loss and delay may be more
>>> stable than others, and Section 5 addresses measurement intervals
>>> and projects that on to announcement thresholds.
>>> 
>>> So the risk is that changes in bandwidth availability will cause
>>> rapid or frequent announcement of those metrics.  However, just
>>> like the original bandwidth metrics, implementations apply
>>> thresholds so that small changes don't trigger re-announcement in
>>> order to avoid stressing the
>> network.
>>> Section 6 discusses this.
>>> 
>>> Thus, I think we can discard 1.
>> 
>> 
>> Agreed. This is covered in sections 5 and 6.
>> 
>>> 
>>> The second point is important: you can find out a lot about a
>>> network by sniffing the IGP, and if your plan is to understand
>>> the state of your competitor's network or to find the week spots
>>> to attack, then this is a powerful tool. But in this matter I
>>> would argue that these no TLVs are no more sensitive than other,
>>> pre-existing TLVs, although (of course) the more TLVs, the more
>>> information is available to be sniffed.
>>> 
>>> So, the question is how do we protect IGP information as it is 
>>> advertised within a network. There are four elements: - IGP
>>> information is retained within an administrative domain. - If a
>>> router is compromised it has access to all of the information and
>>> there is nothing we can do. - If a node attempts to join a
>>> network to access the information it will be unknown and will not
>>> be able to peer. - If a link is sniffed (which is a somewhat more
>>> sophisticated attack) protection relies on encryption of the
>>> messages most probably at layer 2, but potentially at IP (which
>>> is an option for OSPF) or within the OSPF messages themselves.
>>> 
>>> I think all of this is just "IGP security as normal", was
>>> discussed by KARP, and is everyday business for network
>>> operators.
>> 
>> 
>> I agree. I canĀ¹t see that delay/loss would be more sensitive than
>> reachability information. I guess the premise is that one might
>> want to target better for links for DDoS attacks? I do not recall
>> this coming up in the discussions on either the OSPF or ISIS lists
>> (there is an ISIS draft advertising the same TLVs).
>> 
>> 
>>> 
>>> [snip]
>>> 
>>>> - The security considerations of RFC 3630, from 2003, is 11
>>>> lines long. Has nothing affected OSPF security in the last
>>>> decade+ that would be worth noting here?
>>> 
>>> That is a good point. There is plenty of newer security work.
>> 
>> This should include RFC 6863 for analysis, RFC 5709 for protection,
>> and draft-ietf-ospf-security-extension-manual-keying-11 for
>> protection. John?
>> 
>> Thanks, Acee
>> 
>> 
>>> 
>>> Adrian
>>> 
>> 
>> _______________________________________________ OSPF mailing list 
>> OSPF@ietf.org https://www.ietf.org/mailman/listinfo/ospf
>