Re: [PWE3] Comment on Re: Starting WG adoption call for draft-boutros-pwe3-mpls-tp-mac-wd-02

Neil McGill <nmcgill@cisco.com> Tue, 07 February 2012 20:02 UTC

> > Sami: This is one of the comments that we need to address for sure as we
> > progress the draft..
> >
> 
> This is a basic issue and it needs to be addressed before considering this
> to be a WG draft.
> 
> 
> >
> >
> > 2. You mention that there are no security considerations. What if this
> > packet is spoofed by say a man-in-the-middle attack?
> >
> >
> > Sami: The reason here is that we will be using static PW-OAM and our
> > security will be no better or no worse than what this mechanism provides.
> >
> 
> MAC flush can be forwarded beyond the receiving PE. So the problem gets
> progressively worse. IMO we need to add security to PW-OAM (the alternative
> being to use a mechanism other than PW-OAM).

There is no security for the PW status bits either that are carried in this
message, so one could just as easily inject a fault that would also induce the
equivalent of a MAC flush. Or send standby and force a redundant VPLS switchover
to another instance. These problems already exist with PW OAM; adding MAC flush
is not making matters any worse as you could probably emulate a brute force flush
by sending AC rx/tx faults...

The original intent was to keep the protocol simple, but if security is
a concern then it is a base concern with the protocol and we have to
look into adding some kind of digest or some other protocol
altogether.

Thanks,

Neil.


> 
> 
> >
> > Thanks,
> >
> > Sami
> >
> >
> > On Mon, Jan 23, 2012 at 12:19 PM, Andrew G. Malis <amalis@gmail.com>
> > wrote:
> >  This begins a two-week PWE3 WG adoption call for
> > https://tools.ietf.org/html/draft-boutros-pwe3-mpls-tp-mac-wd-02 , ending
> > February 6. Please respond with your approval, disapproval, and other
> > comments to the PWE3 list. If you don't support the adoption, providing a
> > reason would be useful to the authors and the working group, but is not
> > required. Of course, the reason why you support the draft is also welcome,
> > but also optional. This request will be a part of PWE3 WG adoption calls
> > going forward.
> >
> > Thanks,
> > Andy and Matthew
> >
> >
> > _______________________________________________
> > pwe3 mailing list
> > pwe3@ietf.org
> >  https://www.ietf.org/mailman/listinfo/pwe3
> >
> >
> >
> >
> > --
> > - Sri
> 
> 
> -- 
> - Sri
>
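
The "some kind of digest" option raised in the reply above, sketched as an added example; it is not part of the original message, the draft, or PW-OAM. The message layout (PW id, sequence number, status word), the pre-shared key and the 16-byte truncated HMAC-SHA256 tag are assumptions made for illustration; only the status bit values follow the RFC 4447 / RFC 6870 assignments.

```python
import hashlib
import hmac
import struct

# PW status bits (values as assigned in RFC 4447 and RFC 6870).
AC_RX_FAULT = 0x02
AC_TX_FAULT = 0x04
STANDBY = 0x20

BODY_FMT = "!IQI"   # hypothetical layout: pw_id, sequence number, status word
BODY_LEN = struct.calcsize(BODY_FMT)
DIGEST_LEN = 16     # truncated HMAC-SHA256; the length is an assumption


def seal(key, pw_id, seq, status):
    """Sender side: append a keyed digest to the status message body."""
    body = struct.pack(BODY_FMT, pw_id, seq, status)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:DIGEST_LEN]


class Receiver:
    """Receiving PE: act on a status word only if it is authentic and fresh."""

    def __init__(self, key, pw_id):
        self.key, self.pw_id, self.last_seq = key, pw_id, 0

    def accept(self, msg):
        """Return the status word, or None if the message must be dropped."""
        if len(msg) != BODY_LEN + DIGEST_LEN:
            return None
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()[:DIGEST_LEN]
        if not hmac.compare_digest(tag, want):
            return None   # injected without the key, or altered in transit
        pw_id, seq, status = struct.unpack(BODY_FMT, body)
        if pw_id != self.pw_id or seq <= self.last_seq:
            return None   # wrong PW, or replay of an earlier message
        self.last_seq = seq
        return status


def demo():
    key = b"constructed-demo-key"   # constructed sample key
    rx = Receiver(key, pw_id=100)
    good = seal(key, 100, 1, AC_RX_FAULT)
    forged = seal(b"not-the-shared-key", 100, 2, STANDBY)
    tampered = good[:BODY_LEN - 1] + bytes([STANDBY]) + good[BODY_LEN:]
    # authentic fault, forged standby, altered status, replay, authentic clear
    return [rx.accept(m) for m in
            (good, forged, tampered, good, seal(key, 100, 2, 0))]
```

A digest alone does not stop replay of a captured fault or standby indication, which is why the receiver also tracks a sequence number.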