Re: [pim] Stephen Farrell's Discuss on draft-ietf-pim-rfc4601bis-05: (with DISCUSS)
William Atwood <william.atwood@concordia.ca> Thu, 28 May 2015 15:54 UTC
Date: Thu, 28 May 2015 11:51:06 -0400
From: William Atwood <william.atwood@concordia.ca>
Organization: Concordia University, Montreal
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pim/ADrUFS-Xb6W1XMHjZI4VbdqtEwE>
Cc: draft-ietf-pim-rfc4601bis@ietf.org, Brian Haberman <brian@innovationslab.net>, pim-chairs@ietf.org, The IESG <iesg@ietf.org>, pim@ietf.org
Hi, Spencer,

On 28/05/2015 9:21 AM, Spencer Dawkins at IETF wrote:
> Hi, Stephen,
>
> On Tue, May 26, 2015 at 9:59 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote:
>
>
> On 26/05/15 15:29, Brian Haberman wrote:
> > Hi Stephen,
> >
> > On 5/26/15 9:08 AM, Stephen Farrell wrote:
> >> Stephen Farrell has entered the following ballot position for
> >> draft-ietf-pim-rfc4601bis-05: Discuss
> >>
> >> When responding, please keep the subject line intact and reply to all
> >> email addresses included in the To and CC lines. (Feel free to cut this
> >> introductory paragraph, however.)
> >>
> >>
> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> >> for more information about IESG DISCUSS and COMMENT positions.
> >>
> >>
> >> The document, along with other ballot positions, can be found here:
> >> https://datatracker.ietf.org/doc/draft-ietf-pim-rfc4601bis/
> >>
> >>
> >> ----------------------------------------------------------------------
> >> DISCUSS:
> >> ----------------------------------------------------------------------
> >>
> >>
> >> 4601 used IPsec AH for its MTI security. This removes that and
> >> points at 5796 which defines how to use ESP for link local
> >> addresses and with manual keying. That raises one technical
> >> question and two icky process questions. The icky process
> >> questions are probably best discussed between the IESG at least
> >> initially in case we don't need to bother the authors/wg with
> >> 'em.
> >>
> >> (1) I'd like to check that 5796 defines a way in which one can
> >> secure all PIM messages that are defined here in 4601bis (should
> >> one want to do that). If there are cases where PIM-SM can be
> >> used and where there is no well defined security then I think
> >> that would be a problem. And I think maybe there are such cases.
> >> Am I wrong? If not, then how does one secure those?
> >
> > 5796 focuses on the link-local messages (i.e., directly-connected
> > peers), but does say
> >
> >    Securing the unicast messages can be achieved by the use of a normal
> >    unicast IPsec Security Association (SA) between the two communicants.
> >
> > The above refers to the set of PIM messages that are not sent as
> > link-local. My opinion is that this is sufficient given the uses of PIM
> > as defined in 4601.
>
> Hmm. So you're saying that the way to secure PIM-SM is to have a set
> of unicast IPsec SAs that cover all of the routers in the MC group?
> That seems a bit odd doesn't it?
>
No, it's a set of unicast IPsec SAs that cover all of the
_routers_closest_to_senders_ in the MC group. For the cases where
multicast really makes a difference (i.e., few senders, many receivers)
this is likely to be a much smaller set.

  Bill

> >
> >> (2) Is it ok for an IS to depend on a PS for its MTI security
> >> mechanism? (I think it is, but yeah, someone else might not.)
> >
> > I don't see why not.
>
> I agree I think, but would like to check if that's an IESG opinion
> or just you and me. (Can be done on the call.)
>
> We can talk about it on the call, but I'm agreeing with you and with
> Barry, as is Alvaro.
>
> Spencer
>
> >
> >> (3) Is it ok for an IS to not conform to BCP107? (I think it
> >> depends, and I'm not sure in this case.)
> >
> > I am not sure how BCP 107 relates since it discusses Guidelines for
> > Cryptographic Key Management and the crypto stuff is now referred to via
> > 5796.
>
> Abstract of 5796 says it only supports manual keying. BCP107 says
> you have to define automated keying (with some exceptions into which
> PIM-SM doesn't fit). Those do seem to be in conflict I think.
>
> S.
>
> > Regards,
> > Brian
>
> _______________________________________________
> pim mailing list
> pim@ietf.org
> https://www.ietf.org/mailman/listinfo/pim

-- 
Dr. J.W. Atwood, Eng.
Distinguished Professor Emeritus
Department of Computer Science and Software Engineering
Concordia University EV 3.185
1455 de Maisonneuve Blvd. West
Montreal, Quebec Canada H3G 1M8
tel: +1 (514) 848-2424 x3046
fax: +1 (514) 848-2830
email: william.atwood@concordia.ca
http://users.encs.concordia.ca/~bill
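As an added example, not part of this thread or of any RFC, here is a small Python audit of the split discussed above: which PIM-SM message flows the per-link RFC 5796 SAs cover, which ones need a unicast SA between a sender's DR and the RP, and how many unicast SAs Bill's "routers closest to senders" set needs compared with every router pair. The topology, link names and SA lists are constructed; the classification of Hello/Join/Prune/Assert as link-local and Register/Register-Stop as unicast is taken from RFC 4601.

```python
"""Coverage audit for PIM-SM message flows against configured IPsec SAs.

Constructed example, not part of the thread. Link-local messages (Hello,
Join/Prune, Assert, sent to ALL-PIM-ROUTERS on a link) are what RFC 5796
covers, per link; unicast messages (Register, Register-Stop, exchanged between
a sender's DR and the RP) need a unicast SA between those two routers.
"""
from itertools import combinations

LINK_LOCAL_MSGS = ("Hello", "Join/Prune", "Assert")  # RFC 4601: to 224.0.0.13
UNICAST_MSGS = ("Register", "Register-Stop")         # RFC 4601: DR <-> RP


def required_flows(links, sender_drs, rp):
    """All PIM-SM message flows the topology can generate, as (msg, scope, where)."""
    flows = set()
    for link in links:
        flows.update((msg, "link", link) for msg in LINK_LOCAL_MSGS)
    for dr in sender_drs:
        pair = frozenset((dr, rp))
        flows.update((msg, "unicast", pair) for msg in UNICAST_MSGS)
    return flows


def uncovered_flows(flows, link_sas, unicast_sas):
    """Flows with no configured SA: per-link (RFC 5796) or unicast router pair."""
    pairs = {frozenset(p) for p in unicast_sas}
    return {f for f in flows
            if (f[1] == "link" and f[2] not in link_sas)
            or (f[1] == "unicast" and f[2] not in pairs)}


def unicast_sas_needed(sender_drs, rp):
    """Bill's point: one SA per (sender DR, RP) pair, not one per router pair."""
    return {frozenset((dr, rp)) for dr in sender_drs if dr != rp}


def all_router_pairs(links):
    """The 'every router' alternative Stephen asked about, for comparison."""
    return {frozenset(p) for p in combinations(set().union(*links.values()), 2)}


# Constructed topology: sender behind R1, RP at R3, receivers on L2/L3.
LINKS = {"L1": {"R1", "R2"}, "L2": {"R2", "R3"}, "L3": {"R3", "R4"}}
RP, SENDER_DRS = "R3", {"R1"}
LINK_SAS, UNICAST_SAS = {"L1", "L2"}, [("R1", "R3")]  # L3 left unprotected

if __name__ == "__main__":
    print(sorted(uncovered_flows(required_flows(LINKS, SENDER_DRS, RP), LINK_SAS, UNICAST_SAS)))
    print(len(unicast_sas_needed(SENDER_DRS, RP)), "vs", len(all_router_pairs(LINKS)))
```

Running it reports the three link-local flows on the unprotected L3 as gaps, and one unicast SA for the sender DR versus six for every router pair.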