Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

David Allan I <david.i.allan@ericsson.com> Thu, 22 September 2011 08:26 UTC

From: David Allan I <david.i.allan@ericsson.com>
To: Yaakov Stein <yaakov_s@rad.com>, Thomas Nadeau <tnadeau@lucidvision.com>
Date: Thu, 22 Sep 2011 04:29:15 -0400
Cc: "pwe3@ietf.org" <pwe3@ietf.org>
Subject: Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

Hi Yaakov:

No argument on management plane configuration.

I was thinking more of the LSP-PING bootstrapping to establish binding. I'd rather move that function to a more trusted adjacency and in the case of LDP signalling for PWs, a configuring east west exchange already exists.

My statement about trust was more along the lines that auto-discovery and trust are somewhat orthogonal concepts. A chain of trust needs to be introduced. A CP adjacency to me scales much better from the point of view of the number of security associations required, as it is one SA for the aggregate of the PWs served by the adjacency....

I'll be the first to admit I've not checked the security provisions in LSP-PING, but if there are significant provisions, I have signalling and LSP-PING bootstrapping I now require a minimum of two SAs to establish the chain of trust to configure a PW, worse if it is an SA per ME, nightmare if it is an SA per MEP/MIP pair (not relevant to bootstrapping but mentioned the slippery slope we are discussing). We went into some of this in the security section of the TP OAM framework (now RFC 6371).

I hope that is clearer...

Dave



________________________________
From: Yaakov Stein [mailto:yaakov_s@rad.com]
Sent: Thursday, September 22, 2011 4:12 PM
To: David Allan I; Thomas Nadeau
Cc: pwe3@ietf.org
Subject: RE: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

Dave

I actually am closer to Tom on this issue,
but didn't see any reason to fight windmills on this one.

But was surprised at both clauses of your statement.

First, from a pure security PoV, all the management systems I have seen are more trustworthy than most control planes.
And since this is for TP which doesn't even assume an IP forwarding plane let alone IPsec,
then I have to assume that someone is going to start configuring everything using GACh payloads,
which frankly scares me, unless you have armed guards physically viewing all of your network elements.
(You may recall my rants on the lack of any security in MPLS and my futile attempts at pwsec
a few years back.)

Second, "OAM is about trust". Well yes, it is about how much the client layer trusts the server layer
or the customer trusts the service provider, or the boxes trust the fibers.
Or in many cases how little trust there is and how to check up so that you can prove your case of SLA noncompliance.
In any case I don't see the connection between this kind of "trust"
and the kind I think you are talking about in comparing control and management planes.

I trust that you will explain.

Y(J)S

From: pwe3-bounces@ietf.org [mailto:pwe3-bounces@ietf.org] On Behalf Of David Allan I
Sent: Wednesday, September 21, 2011 03:08
To: John E Drake; Thomas Nadeau
Cc: pwe3@ietf.org
Subject: Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

IMO I prefer the trust model of using the CP to set this up and coordinate the end points, and OAM is about trust.

so I support adoption of the draft, it is a move in the right direction

cheers
Dave