IETF Logo Mail Archive

Re: [OSPF] Kathleen Moriarty's Discuss on draft-ietf-ospf-prefix-link-attr-10: (with DISCUSS)

Alia Atlas <akatlas@gmail.com> Wed, 19 August 2015 15:58 UTC

Return-Path: <akatlas@gmail.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E602D1B2ACB; Wed, 19 Aug 2015 08:58:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.999
X-Spam-Level:
X-Spam-Status: No, score=-101.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id krwlK45_843x; Wed, 19 Aug 2015 08:58:00 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DA481B2A8D; Wed, 19 Aug 2015 08:58:00 -0700 (PDT)
Received: by oiev193 with SMTP id v193so5655298oie.3; Wed, 19 Aug 2015 08:58:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Dang2a4k8X++9+EOBQhLy/ph7E7smdjtHLcKKPzrmhI=; b=g7yf6qJfWOFRZYsjkKdAdPP+a+/s/1etR/vzUahecRnHFQ9rbORV8xhuj9a3EyH51E c2/1Z3RjMT6u0uewjbz9aRiK9UabxGhL7hyUQ2HGFfUwMSjJdALXzaTya5CM6qOpTl/X wUZcgjn05E0dw/kjw6i8s6gvaolWDuys0eQ1QOx/sDNR7eDQ+xeTxMHMfN+YtHqF6FJd wSBxNwLv3jBa1Rn84cnEg5OVurjIyJyU0owyE5h9q2wNcfH1wWT1vFwFHhUdX/5G/U8J fiwm4t3syhM9l9Meoxb9Nl2LBTtkyoK7MwxvGV6Fcf4ayQsvKGubMB5AH3IsNq7IMPwb 4FCw==
MIME-Version: 1.0
X-Received: by 10.202.175.143 with SMTP id y137mr10863221oie.22.1439999879878; Wed, 19 Aug 2015 08:57:59 -0700 (PDT)
Received: by 10.60.176.138 with HTTP; Wed, 19 Aug 2015 08:57:59 -0700 (PDT)
In-Reply-To: <CAHbuEH6p9nsK=RGq5qtN4O2BEaO5AmEhrOTHz-1B++REuZS_RA@mail.gmail.com>
References: <20150817200640.5272.4712.idtracker@ietfa.amsl.com> <D1F7DABC.2BC37%acee@cisco.com> <CAHbuEH4Cwj4EmiqpBmb1g+SVezPNjJff9RiMuVi-B0EmtSTF2Q@mail.gmail.com> <D1F8DE85.2BD4C%acee@cisco.com> <CAHbuEH7f=qFnj3SrgDvP=Dnmp93GWzPGyBgP+6dvp-GA_=dLBA@mail.gmail.com> <D1F9004C.2BD9D%acee@cisco.com> <CAHbuEH4wwar_CnrS9WMFcZrexRwNPDtjc8pWtGFOXobCU9hN_A@mail.gmail.com> <D1F9025A.2BDBA%acee@cisco.com> <CAHbuEH6p9nsK=RGq5qtN4O2BEaO5AmEhrOTHz-1B++REuZS_RA@mail.gmail.com>
Date: Wed, 19 Aug 2015 11:57:59 -0400
Message-ID: <CAG4d1rfgD50kCmprXY4CG9rvTadcd7UZDYz3M2uoyawbmUDivA@mail.gmail.com>
From: Alia Atlas <akatlas@gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="001a113ce89e511e40051dac19c2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ospf/bv5iiuz85uoBbnK9krY0EYc8JCA>
Cc: "ospf@ietf.org" <ospf@ietf.org>, "draft-ietf-ospf-prefix-link-attr@ietf.org" <draft-ietf-ospf-prefix-link-attr@ietf.org>, "draft-ietf-ospf-prefix-link-attr.shepherd@ietf.org" <draft-ietf-ospf-prefix-link-attr.shepherd@ietf.org>, "draft-ietf-ospf-prefix-link-attr.ad@ietf.org" <draft-ietf-ospf-prefix-link-attr.ad@ietf.org>, The IESG <iesg@ietf.org>, "ospf-chairs@ietf.org" <ospf-chairs@ietf.org>
Subject: Re: [OSPF] Kathleen Moriarty's Discuss on draft-ietf-ospf-prefix-link-attr-10: (with DISCUSS)
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2015 15:58:03 -0000

Hi Kathleen,

As discussed, the type field in the TLVs and sub-TLVs are limited to their
range.
This draft in the IANA considerations specifies what the range for those
values are.
This is just as has been done with other OSPF TLVs ( for example
http://www.iana.org/assignments/ospf-traffic-eng-tlvs/ospf-traffic-eng-tlvs.xhtml#top-level
)
For future extensibility, it is important to be able to distribute unknown
TLVs
throughout the IGP; sometimes, only routers in particular roles will care
about the information.

However, the length field constrains how big the value can be and any
problems
with parsing it into an opaque value would cause the LSA to be considered
malformed.

I hope this clarifies?

Thanks,
Alia

On Wed, Aug 19, 2015 at 10:44 AM, Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com> wrote:

> Hi Acee,
>
> Alia and I talked about this yesterday and she will be following up
> from that discussion.  It may just point back to previous RFCs that
> cover my concern or may result in a change to text.
>
> Stand by...
>
> Thank you.
>
> On Tue, Aug 18, 2015 at 3:42 PM, Acee Lindem (acee) <acee@cisco.com>
> wrote:
> >
> >
> > On 8/18/15, 3:38 PM, "Kathleen Moriarty"
> > <kathleen.moriarty.ietf@gmail.com> wrote:
> >
> >>On Tue, Aug 18, 2015 at 3:35 PM, Acee Lindem (acee) <acee@cisco.com>
> >>wrote:
> >>> Hi Kathleen,
> >>>
> >>> On 8/18/15, 1:54 PM, "Kathleen Moriarty"
> >>> <kathleen.moriarty.ietf@gmail.com> wrote:
> >>>
> >>>>Acee,
> >>>>
> >>>>On Tue, Aug 18, 2015 at 1:20 PM, Acee Lindem (acee) <acee@cisco.com>
> >>>>wrote:
> >>>>> Hi Kathleen,
> >>>>>
> >>>>> On 8/18/15, 10:57 AM, "Kathleen Moriarty"
> >>>>> <kathleen.moriarty.ietf@gmail.com> wrote:
> >>>>>
> >>>>>>Thank you for your quick response, Acee.  I just have one tweak
> inline
> >>>>>>that is usually important from a security standpoint.
> >>>>>>
> >>>>>>On Mon, Aug 17, 2015 at 6:46 PM, Acee Lindem (acee) <acee@cisco.com>
> >>>>>>wrote:
> >>>>>>> Hi Kathleen,
> >>>>>>> Here are the updated "Security Considerations” after addressing
> >>>>>>>Alvaro’s
> >>>>>>> comments.
> >>>>>>>
> >>>>>>> 6.  Security Considerations
> >>>>>>>
> >>>>>>>    In general, new LSAs defined in this document are subject to the
> >>>>>>>same
> >>>>>>>    security concerns as those described in [OSPFV2] and [OPAQUE].
> >>>>>>>
> >>>>>>>    OSPFv2 applications utilizing these OSPFv2 extensions must
> define
> >>>>>>>the
> >>>>>>>    security considerations relating to those applications in the
> >>>>>>>    the specifications corresponding to those applications.
> >>>>>>>
> >>>>>>>    Additionally, implementations must assure that malformed TLV and
> >>>>>>>Sub-
> >>>>>>>    TLV permutations are detected and do not provide a vulnerability
> >>>>>>>for
> >>>>>>>    attackers to crash the OSPFv2 router or routing process.
> >>>>>>>Malformed
> >>>>>>>    LSAs MUST NOT be stored in the Link State Database (LSDB),
> >>>>>>>    acknowledged, or reflooded.  Reception of malformed LSAs SHOULD
> >>>>>>>be
> >>>>>>>    counted or logged for further analysis.
> >>>>>>
> >>>>>>Can you add in a sentence that says something to the effect of:
> >>>>>>
> >>>>>>Only valid TLVs and Sub-TLVs may be processed according to
> >>>>>>specifications in section 2.
> >>>>>
> >>>>> This depends on how you define “valid”. For extendability, an
> >>>>> implementation considers any TLV or Sub-TLV that is properly formed
> as
> >>>>> valid. Of course, it only uses the TLV and Sub-TLVs that it knows how
> >>>>>to
> >>>>> interpret. Hence, the LSA will be considered valid and be stored in
> >>>>>the
> >>>>> LSDB and reflooded. This is the reason for using a TLV based encoding
>

v2.23.0 | Report a Bug | By Email