Re: [pcp] Stephen Farrell's Discuss on draft-ietf-pcp-third-party-id-option-04: (with DISCUSS and COMMENT)
Rolf Winter <Rolf.Winter@neclab.eu> Sun, 24 January 2016 12:20 UTC
Return-Path: <Rolf.Winter@neclab.eu>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 662401B2F73; Sun, 24 Jan 2016 04:20:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.603
X-Spam-Level:
X-Spam-Status: No, score=-2.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ii8wsmpPTIiE; Sun, 24 Jan 2016 04:20:41 -0800 (PST)
Received: from mailer1.neclab.eu (mailer1.neclab.eu [195.37.70.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B06841B2F71; Sun, 24 Jan 2016 04:20:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailer1.neclab.eu (Postfix) with ESMTP id 6780B10C0C2; Sun, 24 Jan 2016 13:20:38 +0100 (CET)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (netlab.nec.de)
Received: from mailer1.neclab.eu ([127.0.0.1]) by localhost (atlas-a.office.hd [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Le9iefvhfHt; Sun, 24 Jan 2016 13:20:38 +0100 (CET)
X-ENC: Last-Hop-TLS-encrypted
X-ENC: Last-Hop-TLS-encrypted
Received: from METHONE.office.hd (methone.office.hd [192.168.24.54]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailer1.neclab.eu (Postfix) with ESMTPS id 3EE8010C0C0; Sun, 24 Jan 2016 13:20:28 +0100 (CET)
Received: from PALLENE.office.hd ([169.254.1.139]) by METHONE.office.hd ([192.168.24.54]) with mapi id 14.03.0210.002; Sun, 24 Jan 2016 13:20:06 +0100
From: Rolf Winter <Rolf.Winter@neclab.eu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: [pcp] Stephen Farrell's Discuss on draft-ietf-pcp-third-party-id-option-04: (with DISCUSS and COMMENT)
Thread-Index: AQHRImV1PctqD0Z9kki3/CZyG3feAZ8K+bhA
Date: Sun, 24 Jan 2016 12:20:06 +0000
Message-ID: <791AD3077F94194BB2BDD13565B6295DA9D00E13@PALLENE.office.hd>
References: <20151119005841.24419.23001.idtracker@ietfa.amsl.com>
In-Reply-To: <20151119005841.24419.23001.idtracker@ietfa.amsl.com>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.7.0.197]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/-Q0eLMjXzq4eUnkmBYkF6fByUJU>
Cc: "pcp@ietf.org" <pcp@ietf.org>, "draft-ietf-pcp-third-party-id-option@ietf.org" <draft-ietf-pcp-third-party-id-option@ietf.org>, "pcp-chairs@ietf.org" <pcp-chairs@ietf.org>
Subject: Re: [pcp] Stephen Farrell's Discuss on draft-ietf-pcp-third-party-id-option-04: (with DISCUSS and COMMENT)
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 12:20:43 -0000
Hi Stephen, please see inline: NEC Europe Ltd | Registered Office: Athene, Odyssey Business Park, West End Road, London, HA4 6QE, GB | Registered in England 2832014 > Stephen Farrell has entered the following ballot position for > draft-ietf-pcp-third-party-id-option-04: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-pcp-third-party-id-option/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > (1) The THIRD_PARTY stuff in PCP was always a bit concerning from a > security point of view. RFC 6887 says that you MUST NOT implement or > use that except in some specific environments. At the time we would > have liked to say that you MUST use PCP authentication when using that > but RFC 7652 wasn't done until some time later. My DISCUSS question > though is: why can't you distinguish based on a Key ID used with PCP > authentication? Because you'll need a tunnel technology specific ID. The PCP-controlled device needs to know to which tunnel this requested mapping (IP in the third party option) belongs. We added some text to the document which hopefully makes this clearer: The THIRD_PARTY option carries a value of an internal IP address of a NAT map entry. The THIRD_PARTY_ID carries a value of an internal realm of a NAT map entry. Upon receiving a valid request with a legal THIRD_PARTY_ID option identifier, the message is processed as specified in [RFC6887], except that the identifier contained in the THIRD_PARTY_ID is used in addition when accessing a mapping table. Instead of just using the value contained in the THIRD_PARTY option when accessing the internal Internet address of a mapping table, now the combination of the two values contained in the THIRD_PARTY option and in the THIRD_PARTY_ID option is used to access the combination of internal Internet address and internal realm of a NAT map entry. > Wouldn't that help with the privacy concerns (one can manage Key IDs > well if one wants) and also with the secrity concerns, and I would > guess it should solve the tunnel issues that this is intended to > address as well? (There may be good reasons why that doesn't work of > course, but I'd like to understand them.) I am not sure how that would solve the overall problem. Say someone uses L2TPv3 or GRE (or any other protocol really) as the tunneling protocol, then you're bound to use IDs from those protocols. They are not linked to the PCP sessions (indeed the scenario in the draft shows that PCP messages are not even delivered over the tunnel). Regarding authentication, we added text to the security considerations section and used normative language to mandate authenticated access to the PCP client function. > > (2) Section 7: The "must be fully trusted" phrase is not a good one to > use - iirc that was a compromise figured out to allow PCP to proceed > ahead of the PCP auth spec. And of course, it's really a nonsense. I > think you should properly characterise the issues or else delete the > unfortunate phrase. We added text to the security considerations section (incl. normative language). > I also think you should not encourage the use of > this for carrying location or profile information. What "Means" exist > that could be used to really protect this? And why do you want to > "protect unauthorized access"? that's oddly phrased at best. All in all > I think you need better text for section 7, and I'm happy to try help > find that. We now restrict the usage of the option as defined in this document to the exact use case as described. In particular, the document now clearly states: However, the use of the THIRD_PARTY_ID option as specified in this document is restricted to scenarios where the option is needed for the purpose of uniquely identifying an internal host in addition to the information found in the THIRD_PARTY option. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > I share the concerns relating to possible use of long term identifiers > here and thus support the DISCUSSes from Alissa and Joel. We have text that discusses this now in the security considerations section. Best, Rolf > > > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp
- [pcp] Stephen Farrell's Discuss on draft-ietf-pcp… Stephen Farrell
- Re: [pcp] Stephen Farrell's Discuss on draft-ietf… Rolf Winter
- Re: [pcp] Stephen Farrell's Discuss on draft-ietf… Stephen Farrell