Re: Stephen Farrell's No Objection on draft-ietf-bfd-seamless-base-09: (with COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 03 May 2016 11:56 UTC

Subject: Re: Stephen Farrell's No Objection on draft-ietf-bfd-seamless-base-09: (with COMMENT)
To: Manav Bhatia <manav@ionosnetworks.com>
References: <20160503111437.7481.82666.idtracker@ietfa.amsl.com> <CAGS6MpAnFTYKh9cj6LV7V48sYTv5yVtBc3G=SCOorHP421pccg@mail.gmail.com> <57288CB6.9030202@cs.tcd.ie> <CAGS6MpCu6LQKpSdUuLQMR8iMbZgNUutxZ_g0DesXhJhkcjh=DA@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <57289201.600@cs.tcd.ie>
Date: Tue, 03 May 2016 12:56:49 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <CAGS6MpCu6LQKpSdUuLQMR8iMbZgNUutxZ_g0DesXhJhkcjh=DA@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms000001090805070706020801"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/QO80Dd2iAVuHiGRGNWJI6a-GZiM>
Cc: The IESG <iesg@ietf.org>, rtg-bfd@ietf.org, draft-ietf-bfd-seamless-base@ietf.org, bfd-chairs@ietf.org


On 03/05/16 12:52, Manav Bhatia wrote:
> Hi Stephen,
> 
> On 03/05/16 12:25, Manav Bhatia wrote:
>>> There
>>> is thus a value in retaining clear text passwords.
>>
>> I don't buy that tbh. There is a significant cost and risk
>> too - passwords are re-used all over the place. Sending
>> any password in clear anytime puts at risk whatever else
>> that password is re-used for. And we know that does
>> happen. (On average passwords used in the web are used in
>> about 8 different places is the last study result that I
>> recall.)
>>
> 
> I am sure you know that the way passwords are used in the web is different
> from how they are employed in securing the routing protocols ! :-)

People being people everywhere, I'm sure the differences aren't
that great ;-(

> 
> I know several deployments where clear-text passwords are used to avoid
> routing sessions from randomly coming up. So I don't see how we can remove
> that option.
> 
> 
>> I think this spec would be far better off advising to
>> not continue that bad practice.
>>
> 
> I would instead suggest a one page BCP that discourages people from using
> clear-text password or an April 1 RFC that claims that clear-text passwords
> are most secure since no hacker would ever think that the network could be
> using a simple password !
> 
> I don't think that SBFD spec is the right place to knock sense into people
> who think that using clear text passwords for securing their networks is
> the smartest and the safest thing to do. That imo warrants a new draft.
> Don't you agree?

I'd love to see someone write a draft about sensible things to do
and silly things to do with all of the pre-shared keys used in routing
protocols. If that exists, great! (And can you send a pointer? And
then maybe refer to it from here.)

If that doesn't exist, then adding relevant bits of it as appropriate
seems to me like the best we might get. Or are you planning to write
that?

S.

> 
> Cheers, Manav
> 
>> S.
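The disagreement above is about whether an S-BFD specification should keep the Simple Password (clear-text) authentication type alongside the keyed-hash types. As an added illustration that is not part of this thread or of the draft, the following Python builds a few constructed BFD Control packets using the authentication section layouts of RFC 5880 (Simple Password, Auth Type 1; Keyed SHA1, Auth Type 4) and then classifies what a monitor sees on the wire: with Simple Password the credential itself is readable in the packet, whereas with Keyed SHA1 only a digest travels and a receiver that holds the shared key can verify it. The packet field offsets, the auth type code points and the keyed-SHA1 digest procedure follow RFC 5880 as I understand it; the discriminators, key IDs, sequence number and key material are constructed sample values.

```python
import hashlib
import hmac
import struct

# Auth Type code points from RFC 5880, section 4.2.
AUTH_TYPES = {
    0: "Reserved",
    1: "Simple Password",
    2: "Keyed MD5",
    3: "Meticulous Keyed MD5",
    4: "Keyed SHA1",
    5: "Meticulous Keyed SHA1",
}
CLEARTEXT_TYPES = {1}          # the password itself travels on the wire
KEYED_SHA1_TYPES = {4, 5}
BFD_HDR_LEN = 24               # mandatory section of a BFD Control packet
A_BIT = 0x04                   # "Authentication Present" flag in byte 1
STATE_UP = 0xC0                # Sta field (top two bits of byte 1) = Up


def build_bfd_control(my_disc, your_disc, auth=b""):
    """Constructed BFD Control packet: mandatory section plus optional auth section."""
    flags = STATE_UP | (A_BIT if auth else 0)
    length = BFD_HDR_LEN + len(auth)
    hdr = struct.pack(
        "!BBBBIIIII",
        1 << 5,                 # Vers=1 (top three bits), Diag=0
        flags,                  # Sta, P, F, C, A, D, M
        3,                      # Detect Mult
        length,                 # Length of the whole packet
        my_disc, your_disc,
        1_000_000, 1_000_000,   # Desired Min TX / Required Min RX (microseconds)
        0,                      # Required Min Echo RX
    )
    return hdr + auth


def simple_password_auth(key_id, password):
    """Auth Type 1 section: the password is carried verbatim (1..16 bytes)."""
    if not 1 <= len(password) <= 16:
        raise ValueError("Simple Password must be 1..16 bytes")
    return struct.pack("!BBB", 1, 3 + len(password), key_id) + password


def keyed_sha1_packet(my_disc, your_disc, key_id, seq, key):
    """Full packet with a Keyed SHA1 auth section (RFC 5880, section 6.7.4).

    RFC 5880 keyed SHA1 is not HMAC: the shared key, zero-padded to 20 bytes,
    is placed in the Auth Key/Hash field, SHA1 is taken over the whole packet,
    and the digest then overwrites the key before transmission.
    """
    padded = key.ljust(20, b"\x00")[:20]
    auth = struct.pack("!BBBBI", 4, 28, key_id, 0, seq) + padded
    pkt = build_bfd_control(my_disc, your_disc, auth)
    return pkt[:-20] + hashlib.sha1(pkt).digest()


def inspect_auth(pkt, keys=None):
    """Classify (and, for Keyed SHA1, verify) the auth section of a BFD Control packet.

    keys maps Auth Key ID -> shared key bytes for the keyed-hash types.
    'cleartext' is True when the credential is readable on the wire.
    """
    keys = keys or {}
    if len(pkt) < BFD_HDR_LEN or pkt[3] != len(pkt):
        return {"error": "truncated or bad Length field"}
    if not pkt[1] & A_BIT:
        return {"auth": "none", "cleartext": False, "verified": None}
    if len(pkt) < BFD_HDR_LEN + 3 or BFD_HDR_LEN + pkt[25] != len(pkt):
        return {"error": "bad Auth Len"}
    atype, key_id = pkt[24], pkt[26]
    result = {
        "auth": AUTH_TYPES.get(atype, "unassigned"),
        "key_id": key_id,
        "cleartext": atype in CLEARTEXT_TYPES,
        "verified": None,
    }
    if atype in KEYED_SHA1_TYPES and pkt[25] == 28 and key_id in keys:
        result["seq"] = struct.unpack("!I", pkt[28:32])[0]
        padded = keys[key_id].ljust(20, b"\x00")[:20]
        expected = hashlib.sha1(pkt[:-20] + padded).digest()
        result["verified"] = hmac.compare_digest(expected, pkt[-20:])
    return result


if __name__ == "__main__":
    # Constructed sample traffic: one session on each auth style.
    cleartext = build_bfd_control(1, 2, simple_password_auth(1, b"hunter2"))
    keyed = keyed_sha1_packet(1, 2, 7, 41, b"routing-psk")
    for name, pkt in (("simple-password", cleartext), ("keyed-sha1", keyed)):
        print(name, inspect_auth(pkt, {7: b"routing-psk"}))
```

Running the module prints a classification per packet; the Simple Password packet is flagged `cleartext: True`, and the Keyed SHA1 packet verifies against key ID 7 and fails against any other key or after a single flipped byte. Note that the RFC 5880 keyed-SHA1 construction is a plain keyed digest rather than an HMAC, so the pre-shared key is still a long-lived secret that has to be rotated; it is just no longer readable by anyone on the path, which is the property the clear-text option lacks.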