IETF Logo Mail Archive

Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06

"Alvaro Retana (aretana)" <aretana@cisco.com> Wed, 28 October 2015 19:20 UTC

Return-Path: <aretana@cisco.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BAB91A1AE8; Wed, 28 Oct 2015 12:20:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1QgFEC3mjS6; Wed, 28 Oct 2015 12:20:55 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0E031A1AB9; Wed, 28 Oct 2015 12:20:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3069; q=dns/txt; s=iport; t=1446060054; x=1447269654; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=aJaxVoqLxzv9UrIHdCoTIXpjy/ZlLwuhzUfCeIxFnCo=; b=i+JEJwuJHlYy8qNjApm6SzIBXWu2c/CKdKPbGxppglKxICUM338ILIU7 xlxjKa0isgfdKHigpUqjmvCZ1+8QWskCLL5MzQu9HdSuIi5ZqA4oGGk9N VEFR1jy63YlxBmIfvBrdiP8DbbNYsYsjVFoiX+jpdVW4H1+qxonkO8hU+ U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D1AQC/HzFW/5xdJa1egzaBNA8GvxYBDYFahhsCgT04FAEBAQEBAQGBCoQ1AQEBBDo/EAIBCBEEAQEBHhAhER0IAgQOBYgbAxLBTg2ESQEBAQEBAQEBAQEBAQEBAQEBAQEBARiGdwGEfYJTgj0HBoQoAQSSZYNYAYgLgyKBdoFZhD+HNIcZh04BHwEBQoIMgXhyhHeBBgEBAQ
X-IronPort-AV: E=Sophos;i="5.20,211,1444694400"; d="scan'208";a="42009279"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-6.cisco.com with ESMTP; 28 Oct 2015 19:20:54 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id t9SJKsM2013834 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 28 Oct 2015 19:20:54 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 28 Oct 2015 14:20:29 -0500
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1104.000; Wed, 28 Oct 2015 14:20:29 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "Sowmya Krishnaswamy (sowkrish)" <sowkrish@cisco.com>
Thread-Topic: AD Review of draft-ietf-pim-explicit-rpf-vector-06
Thread-Index: AQHRARViSI1V4VTqsU2ooCLfzKJFqA==
Date: Wed, 28 Oct 2015 19:20:29 +0000
Message-ID: <D2569315.E69D5%aretana@cisco.com>
References: <D239907B.D7D75%aretana@cisco.com> <1445897287704.60786@cisco.com> <D255048B.E6306%aretana@cisco.com> <1448310480492.34744@cisco.com> <FE62691C-EA0B-449B-A348-65679A9C06F9@cisco.com> <1446056897910.60352@cisco.com>
In-Reply-To: <1446056897910.60352@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.15.3]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2EBD79F2771F1346B7E42068F1A4EBEA@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pim/TEatuptc7UfPQ47j7xjzfXGrzdo>
Cc: "draft-ietf-pim-explicit-rpf-vector@ietf.org" <draft-ietf-pim-explicit-rpf-vector@ietf.org>, "mmcbride7@gmail.com" <mmcbride7@gmail.com>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "pim@ietf.org" <pim@ietf.org>
Subject: Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2015 19:20:56 -0000

Sowmya:


Hi!

Sorry for being so picky, but the Security section is not there yet.

The new text you added is this:

   ...There is the risk of a malicious node injecting an
   incorrect Explicit RPF vector stack.  Since the draft does not have a
   feedback mechanism to the end nodes that are injecting the Explicit
   RPF vector as to whether the injected path was used or an alternate
   path was used due to conflict resolution on an upstream node, it is
   upto the mechanisms that produced the Explicit RPF vector to ensure
   that the the PIM tree is built correctly.


If I was the security AD, I would then ask you to build in that feedback
mechanism. :-(

The risks that I see are:
- injecting a incorrect stack (as you mentioned above),
- topology changes resulting in nodes that don't support this in the path
- changes in features/support at the nodes (maybe as a result of a crash..)

...there might be others.  Note that 2 of those risks may still occur even
if the stack was correct -- but not having that feedback mechanism may
results in issues (lost traffic, loops, etc.) a long time after the stacks
were first injected.

Because the programming of the network is external, what about
authentication and authorization?

Maybe I'm becoming too paranoid, but those are the types of things I'm
expecting in the Security considerations.  Maybe some text like this:

"The creation of the Explicit RPF Vector list is outside the scope of this
document.  It is then expected that the mechanisms used create a correct
list: one that describes a path for the Join message to be propagated
without looping, that considers only nodes that support the mechanism
defined in this document, etc..  [IOW, define what "correct" is.]  The
network administrator should take special care in strictly verifying the
authentication and authorization of and potential protocol/mechanism used
to program the network.  Given that even if the path is correct, the
network topology (for example) can change over time, it is recommended
that the administrator strictly monitor the network in order to react to
any events that may require the instantiation of a new list.."


Please include something like that and upload the new version (after
Sunday) and then I'll start the IETF Last Call.

Thanks!

Alvaro.


On 10/28/15, 2:17 PM, "Sowmya Krishnaswamy (sowkrish)"
<sowkrish@cisco.com> wrote:

>Attaching the latest XML.
>________________________________________
>From: Alvaro Retana (aretana)
>Sent: Tuesday, October 27, 2015 3:18 PM
>To: Sowmya Krishnaswamy (sowkrish)
>Cc: draft-ietf-pim-explicit-rpf-vector@ietf.org; mmcbride7@gmail.com;
>pim-chairs@ietf.org; pim@ietf.org
>Subject: Re: AD Review of draft-ietf-pim-explicit-rpf-vector-06
>
>Hi!
>
>You attached the old version.
>
>Alvaro.
>
>Thumb-typed and autocorrected..
>
>> On Oct 27, 2015, at 3:17 PM, Sowmya Krishnaswamy (sowkrish)
>><sowkrish@cisco.com> wrote:
>>
>> Please review the Security section and let us know if it's ok.

v2.23.0 | Report a Bug | By Email