Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06

Stig Venaas <stig@venaas.com> Fri, 06 November 2015 00:53 UTC

In-Reply-To: <D2569315.E69D5%aretana@cisco.com>
References: <D239907B.D7D75%aretana@cisco.com> <1445897287704.60786@cisco.com> <D255048B.E6306%aretana@cisco.com> <1448310480492.34744@cisco.com> <FE62691C-EA0B-449B-A348-65679A9C06F9@cisco.com> <1446056897910.60352@cisco.com> <D2569315.E69D5%aretana@cisco.com>
Date: Thu, 05 Nov 2015 16:53:45 -0800
Message-ID: <CAHANBtK9e-aASfJz=ZjX6oy+RDjU+D4bExWFb3T3gNwb=Gw6cQ@mail.gmail.com>
From: Stig Venaas <stig@venaas.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pim/x4IHXCAynfosd3t-Pob5YaXw1EY>
Cc: "draft-ietf-pim-explicit-rpf-vector@ietf.org" <draft-ietf-pim-explicit-rpf-vector@ietf.org>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "mmcbride7@gmail.com" <mmcbride7@gmail.com>, "pim@ietf.org" <pim@ietf.org>
Subject: Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06

Hi

I suggest adding text saying that this should be used within a single
management domain so that one cannot inject explicit RPF attributes
from the outside. Also suggest that if a router finds that it cannot
use the vector list due to the next hop not being a PIM neighbor, it
may log an error. Also maybe log if it is overridden due to downstream
routers specifying different lists.

Would this address the security and operational concerns?

Stig


On Wed, Oct 28, 2015 at 12:20 PM, Alvaro Retana (aretana)
<aretana@cisco.com> wrote:
> Sowmya:
>
>
> Hi!
>
> Sorry for being so picky, but the Security section is not there yet.
>
> The new text you added is this:
>
>    ...There is the risk of a malicious node injecting an
>    incorrect Explicit RPF vector stack.  Since the draft does not have a
>    feedback mechanism to the end nodes that are injecting the Explicit
>    RPF vector as to whether the injected path was used or an alternate
>    path was used due to conflict resolution on an upstream node, it is
>    up to the mechanisms that produced the Explicit RPF vector to ensure
>    that the PIM tree is built correctly.
>
>
> If I were the security AD, I would then ask you to build in that feedback
> mechanism. :-(
>
> The risks that I see are:
> - injecting an incorrect stack (as you mentioned above),
> - topology changes resulting in nodes that don't support this in the path
> - changes in features/support at the nodes (maybe as a result of a crash..)
>
> ...there might be others.  Note that 2 of those risks may still occur even
> if the stack was correct -- but not having that feedback mechanism may
> result in issues (lost traffic, loops, etc.) a long time after the stacks
> were first injected.
>
> Because the programming of the network is external, what about
> authentication and authorization?
>
> Maybe I'm becoming too paranoid, but those are the types of things I'm
> expecting in the Security considerations.  Maybe some text like this:
>
> "The creation of the Explicit RPF Vector list is outside the scope of this
> document.  It is then expected that the mechanisms used create a correct
> list: one that describes a path for the Join message to be propagated
> without looping, that considers only nodes that support the mechanism
> defined in this document, etc.  [IOW, define what "correct" is.]  The
> network administrator should take special care in strictly verifying the
> authentication and authorization of and potential protocol/mechanism used
> to program the network.  Given that even if the path is correct, the
> network topology (for example) can change over time, it is recommended
> that the administrator strictly monitor the network in order to react to
> any events that may require the instantiation of a new list."
>
>
> Please include something like that and upload the new version (after
> Sunday) and then I'll start the IETF Last Call.
>
> Thanks!
>
> Alvaro.
>
>
> On 10/28/15, 2:17 PM, "Sowmya Krishnaswamy (sowkrish)"
> <sowkrish@cisco.com> wrote:
>
>>Attaching the latest XML.
>>________________________________________
>>From: Alvaro Retana (aretana)
>>Sent: Tuesday, October 27, 2015 3:18 PM
>>To: Sowmya Krishnaswamy (sowkrish)
>>Cc: draft-ietf-pim-explicit-rpf-vector@ietf.org; mmcbride7@gmail.com;
>>pim-chairs@ietf.org; pim@ietf.org
>>Subject: Re: AD Review of draft-ietf-pim-explicit-rpf-vector-06
>>
>>Hi!
>>
>>You attached the old version.
>>
>>Alvaro.
>>
>>Thumb-typed and autocorrected..
>>
>>> On Oct 27, 2015, at 3:17 PM, Sowmya Krishnaswamy (sowkrish)
>>><sowkrish@cisco.com> wrote:
>>>
>>> Please review the Security section and let us know if it's ok.
>
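The checks discussed in this thread (restricting the vector stack to a single management domain, logging when the next vector is not a PIM neighbor, and logging when one downstream router's list is overridden by another's) can be sketched in code. The following is an added illustration written for this archive page; it is not text from the draft, from the authors, or from anyone in the thread. It uses a deliberately simplified model that is an assumption, not the draft's data model: the stack is a list of IPv4 router addresses in hop order, a router pops its own address from the head, and the new head must be a directly connected PIM neighbor. The conflict-resolution policy (the stack already installed for an (S,G) wins) and all names, addresses and prefixes are likewise constructed for the example.

```python
"""Hypothetical Explicit RPF Vector stack checks (example code, not the draft's).

Assumptions (not from the draft): the stack is an ordered list of IPv4 router
addresses; a router strips its own address from the head; the new head must be
a PIM neighbor; on conflict the stack already installed for an (S,G) wins.
"""
import ipaddress
import logging
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

log = logging.getLogger("pim.explicit_rpf")


@dataclass
class ExplicitRpfRouter:
    own_address: str
    pim_neighbors: Set[str]            # constructed: addresses learned via PIM Hellos
    management_domain: List[str]       # prefixes from which vectors may be accepted
    # per (S,G): the stack in use and the downstream neighbor that supplied it
    installed: Dict[Tuple[str, str], dict] = field(default_factory=dict)

    def __post_init__(self) -> None:
        self._domain_nets = [ipaddress.ip_network(p) for p in self.management_domain]

    def in_domain(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self._domain_nets)

    def validate_stack(self, stack: List[str], downstream: str) -> Optional[List[str]]:
        """Return the stack to propagate upstream, [] if this router is the last
        vector (fall back to ordinary RPF), or None if the stack is unusable."""
        # Management-domain restriction: refuse vectors injected from outside.
        outside = [v for v in stack if not self.in_domain(v)]
        if outside:
            log.error("Join from %s: vectors %s lie outside the management domain; "
                      "discarding Explicit RPF Vector stack", downstream, outside)
            return None
        remaining = list(stack)
        while remaining and remaining[0] == self.own_address:
            remaining.pop(0)
        if not remaining:
            return []
        # Next vector must be a PIM neighbor, otherwise log and do not use the stack.
        if remaining[0] not in self.pim_neighbors:
            log.error("Join from %s: next vector %s is not a PIM neighbor; "
                      "cannot use Explicit RPF Vector stack", downstream, remaining[0])
            return None
        return remaining

    def install(self, sg: Tuple[str, str], stack: List[str], downstream: str) -> bool:
        """Install the stack for (S,G); False if it was rejected or overridden."""
        remaining = self.validate_stack(stack, downstream)
        if remaining is None:
            return False
        current = self.installed.get(sg)
        if current and current["downstream"] != downstream and current["stack"] != remaining:
            # Assumed policy: the already installed stack wins; log the override
            # so the operator sees that downstream routers disagree.
            log.warning("(S,G)=%s: stack %s from %s overridden by installed stack %s from %s",
                        sg, remaining, downstream, current["stack"], current["downstream"])
            return False
        self.installed[sg] = {"stack": remaining, "downstream": downstream}
        return True


def demo() -> dict:
    """Run the checks on constructed input and return the outcomes."""
    r = ExplicitRpfRouter("10.0.0.2", {"10.0.0.3"}, ["10.0.0.0/8"])
    sg = ("10.1.1.1", "232.1.1.1")
    return {
        "good": r.validate_stack(["10.0.0.2", "10.0.0.3", "10.0.0.4"], "10.0.0.1"),
        "outside_domain": r.validate_stack(["10.0.0.2", "192.0.2.9"], "10.0.0.1"),
        "not_neighbor": r.validate_stack(["10.0.0.2", "10.0.0.9"], "10.0.0.1"),
        "last_vector": r.validate_stack(["10.0.0.2"], "10.0.0.1"),
        "first_install": r.install(sg, ["10.0.0.2", "10.0.0.3", "10.0.0.4"], "10.0.0.1"),
        "conflicting_install": r.install(sg, ["10.0.0.2", "10.0.0.3", "10.0.0.5"], "10.0.0.7"),
        "installed": r.installed[sg],
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for k, v in demo().items():
        print(k, v)
```

Running the module prints the outcome of each case and, via the logger, the error and warning lines the thread asks for: one for the vector outside 10.0.0.0/8, one for the next vector that is not a neighbor, and one for the conflicting list from 10.0.0.7 that loses to the stack already installed from 10.0.0.1.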