IETF Logo Mail Archive

RE: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22

Linda Dunbar <linda.dunbar@futurewei.com> Mon, 19 February 2024 20:49 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 344D6C14F6F4; Mon, 19 Feb 2024 12:49:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CCxJuUbeNp8K; Mon, 19 Feb 2024 12:49:12 -0800 (PST)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2115.outbound.protection.outlook.com [40.107.244.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAC4BC14CEE4; Mon, 19 Feb 2024 12:49:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iJWPXNNUb5zERsCMEKCvH9FBohvWDWqL7+3GNA+42qMzN463LjeNROy8T9rYTIc5SrWuFO8/qEsEadt0wdbWyW3SKUV3GfNU2AzVN97OJDQm4I28pbt1xuoJgu2uaQEYRlJrGKrBUTuFMtjbUHIHiWYGHekTFyDBPI2zkuccc/fGtYEqr/ZELhRZHSbnfrhuBL+DSO9g8txXXKLjKQgYfT0+20JLGH+UdIn+OBXGtDIYRV3u/8kqGkKL8G2cYpGVdHR9O214uGoX2mMDZyBRWhV9f0YYagviNjXsYGrWlOqN0joDwSvFGM2GERJpSxhNXpG31wDCY0zJBAdmm2/3FA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QDhX1xbCR+pQrXoeoN6rWjT3kh/WlGtprAl5UKasUYA=; b=IMb5yggjkjXwdnNVxftVuzfsjpxqr4Y0e56IOqXtlyiMAZTGaXX5D/T+K1O9NnE+A2a3kZ098mjMQ6bH3goiFQbCAVwxr/xP+Grij3XAv7n8Wi/VZTSvHdszmYMTmipKFXquIv2OFCt9YeU6OgdRGPRC6anXt+nL4Iy1GhfAhT8f+X5mcq1fxDf24yzUpbefj/+Gw6RdxjWsd30Dqidt8wvs8i3hsLHIqSdiTxIWeB1D68trBBS4YGBB2tue4ixtxBrieSBjd4SrY1hRrO6VGoJ18t/wzAEfABOhhzkSp3NkEdNterBnrJrcY2pz9uc1O3BtRXTEqt27k7TNed4RiQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QDhX1xbCR+pQrXoeoN6rWjT3kh/WlGtprAl5UKasUYA=; b=qLKQD3030BNlZbg3puEY7oY1iY/pdxtkqTFlcKC6cPs48xj8ludk+XyromPsCUywB8CSFT6ahn7SrIVhyPt887ol4S+th5EhDHvcHhpGXEkCyGf6Asqidg0CZmOIcJBPVufodca20TgVUhVG2U/Dm3Ng37/DWn1HVTS9els4zFE=
Received: from CO1PR13MB4920.namprd13.prod.outlook.com (2603:10b6:303:f7::17) by CH3PR13MB6654.namprd13.prod.outlook.com (2603:10b6:610:1dd::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.38; Mon, 19 Feb 2024 20:48:56 +0000
Received: from CO1PR13MB4920.namprd13.prod.outlook.com ([fe80::e6e5:1a02:6552:c0c1]) by CO1PR13MB4920.namprd13.prod.outlook.com ([fe80::e6e5:1a02:6552:c0c1%6]) with mapi id 15.20.7292.036; Mon, 19 Feb 2024 20:48:56 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Deb Cooley <debcooley1@gmail.com>
CC: "draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org" <draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Subject: RE: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22
Thread-Topic: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22
Thread-Index: AQHZatI/LmudXtzUUUmkNKnQn+39PK8i1vCAgAU4Q0CAAplBgIAJruSAgAath8CAASJaAIAAFhdQgZoHsgCACDqrcIABEmgAgAB0dRCACp0mAIAJvlCQgB+ut5A=
Date: Mon, 19 Feb 2024 20:48:56 +0000
Message-ID: <CO1PR13MB4920641CD1C3EDA8A96A527485512@CO1PR13MB4920.namprd13.prod.outlook.com>
References: <168103791733.43307.11737105219506688508@ietfa.amsl.com> <643A15FC-6BFB-4723-93C4-6ECA22C128FE@gmail.com> <CO1PR13MB492092C6FEF537BB817A25F8859B9@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1OcSzYtfCFO5sVG_VhZuCwU0FWj-xyYRp=r7rJ41B+i5rg@mail.gmail.com> <CAGgd1Ofuau_y5x1TznUuOBrjM+BX4MrJ-iP8rTZnGc6VFOZ7+Q@mail.gmail.com> <CO1PR13MB4920D4AC874DE8A007E2FC2A85679@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1Oce5afvAZxom-abnAiPXD0zKgfkdaVSyKPfUPRxZDPT0g@mail.gmail.com> <CO1PR13MB4920436344845889D7DDF17185649@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1Ofteui3TYpxG7KaNkynSFGegCC2NYQSjBtHZVR7D_XVqA@mail.gmail.com> <CO1PR13MB49202E7D1EC36DBFA032CB6385732@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1OdnEJdhH+nLX=E-PadgGBjwV2T6MF7dmd4kNh1EbVPBLg@mail.gmail.com> <CO1PR13MB4920D66DBC362E0652C0E2F985722@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1Ofy=X2RT9ZmYsCH9NqEHJLTRyx_NpUrjJX=2oWUZZdr3A@mail.gmail.com> <CO1PR13MB492088D243124BC472D1AC03857D2@CO1PR13MB4920.namprd13.prod.outlook.com>
In-Reply-To: <CO1PR13MB492088D243124BC472D1AC03857D2@CO1PR13MB4920.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=futurewei.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR13MB4920:EE_|CH3PR13MB6654:EE_
x-ms-office365-filtering-correlation-id: 8faf73e0-1117-4f2b-070a-08dc318c30d2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: GfOyinPFreGdQz2qmiGSI6MJS7N92DHE1DDaJ9r0ZXZFEjgJ1YhXXVv2Gxv9Ae/ftFken1S3qdJk5N+xrm04MZydyzoLIYDAfqYqTWLTnT5cIF8brwqz0+iz6K185B9DxUwQvUSxvQNFh2AyaLR+YMQK3BLmOlDf5wt9j12+3XOetyK0Ql2KtM9OEOz9XL6Z3UfRzYtjTbl7BwdFhJaOi8g5M09cSV+nphVYgab0bNVOtS+P1RFk0oHCm5Lb6dstrxqQwuYkI2BfYkE33tNQMZ48oEe/6O3bi+8XaC3DNEDrUIskwhYrNyZrTOKVJRixwJ6DciamU/q618b2Mw0e0mY3uWy3VqciYnRx4UO81OVP/7Oi5/iCo1DIZNO4S0Bi+1HDnC5FW0cH8Y7h2kdEzjRq68V5vzocOa2Dp6+ngLJDX47qD4nUu2BmPIUJkYd0FZRByslQT9MUpUCrA9WcnVhNwd9oRImEXgUJN1DSSe3hUf0SlXlYoJqmdsR5slry8kc4XGnjJRTxtD80dkERKjcenuaT967IOxeCBUurj8OrHUs6CA9WEakaz4OXyMPr8PfPimg6pUBR5tmkyC8VVOzwFh6oNQH6L6d6ln1aRoI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR13MB4920.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(230473577357003)(230273577357003)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 3aZ9csFpRDJY385eexJr+QTtip7hL1eRpvWj/ejAVeqHj+IHK5Tdog81tQjHk0GrkJY7ZLowkQnOrkKvBSAKzjpav86PvKr92xI9awcCguacvhRBkURd7+sdhkiriP9zGZcxbDBHueLpRZ43Wyf5dlFbYb60wOgwGMfpwT03bJazOuPxdZVPNWui+sfZKcNPv7YX3JBNOC0v2uDrTubGwVW0WAsfYnG3tfQdkUW0YBXUYIy0i6ED1mkVGWkKAQGxVc77ENu6if1xLiyj+4u+M8AwLo3CFxcKSDWXqRRcR2Myl11jMbFHJzX6x3PUhOFYKJdEuqKoE4t3IVXj5KjN6ozjNNcYKA6M7bLOkG5ijhp+D43YyEfKTLtz1VboTRZhgU0366ROBIVwG4hDEpmRFdqG68YLQ1fQ6Cz5oDpI1770xX5EkvKsTWiiEQ2hvkKNnqXvDwYi2ua2i/jGYcdv0gM7FfUq1jA6GW93QcbbVPNlMQyJIP6ia63Fn/3zpM1yhF3jKp2cDj+44BCAJnABAKqxhphOWj3mxgbMh8YIZZ3o15XQkrXGXZ/QOsxMHxHW52UdELcxiODotn+YHt4WMB5orGCx5fzBLXXT1BCmJ1g3Un5Ri8EZPW/2c47tj64Vy13uvsRRSaQcnBf8RfSQkm95HnFz/5H65PwgeiTyKMpJVM9uV766u7EV5et+87ongspSZ5yn+PgkykBZStvTrxT0rIWMoOpB8aJC4a3QIOUN/nN2zjeW5UAAJS8FjeamqozZanVopWmKmqxhB2BC+gORUCUCWc2EEWEUdq4TwjX/ZstE2xIFso+NXwzEhWMWm/L8NFjhhihqqyak/TPxMgJMgzA1TT72BrRC5BbISCrNfpJ3ZgsVbX7C5W5K1CYlYZ5s0qau82XjZqHD3XmtYJRrTYYBKHAt0E8XFBeh4iJnvlw93k1AkTxi36MRHTzi3ugwz+pGzIM6u8OB0wHN31oypJOhiUJ83Wgt5yt0eIVnOZRZ1Xq3EfVMdoG9kV2Fl7Lb+mDPBpq+g7EhintTSG5Aeeq2fv7AwetVGH197y7jmwf9oJZ78M+zh6NmbxFU/fS2HJ8J+ewz6Y9tRBuHDc1azbdOc4CUkUCFLQl4XWK8t8JtGhdwnh4SkDdZyVR3iBO6/OB3VnmqK3v3AnbHdFnP74IAC6vnTDNf4ecmjy12kPlu5AA0WL/2YrebpBh9IqK+9yujhN4eAKB8gJ9/HHu3xyCL07b26KmsD0W+C1rUGjdkaQWHfgfO4//iR7RBOAY+p6phViqRko1YYo8QJhH/EdKctp8Q1RkvoI5oT8rxzGRo+Xa1DKHZVQq3KqY1vv89COk9J4B8CXi6oNAkkrriYUd0lqZVdU+q9GCWmPyDgKE1KZ0Rj+zpCZTFgs9yKlilUStcD7yMshQal9EvioAQuNwHwXia14UOe4UWSagVBh3icIOaCCdzSRp7Cjw0SsQperGRkkn9m7lsBgUE5yJFL4t83CE4022vrn/k8mZJ8xOVE3s1YrsA6sFFwQD8paVvsjIw6fLhzMNPkE8Lsl88G5qK+nqpCtPASCnCaC56HdLIOYFRSn+4jd1DRh0N
Content-Type: multipart/alternative; boundary="_000_CO1PR13MB4920641CD1C3EDA8A96A527485512CO1PR13MB4920namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR13MB4920.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8faf73e0-1117-4f2b-070a-08dc318c30d2
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Feb 2024 20:48:56.3391 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fi7ANBNSxXS3wWAA8258oyP8dE/QvsXa2/CDNFGZjcjo1C40vRe8o0CTCPgwnsg2lqIupwvcgTh1z7TXW69iNg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR13MB6654
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/FvpWOWWiEbD1zsNNisFFZrDzTYo>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2024 20:49:17 -0000

Deb,

Is our proposed text okay with you?

Thank you,

Linda

From: Linda Dunbar
Sent: Tuesday, January 30, 2024 11:14 AM
To: Deb Cooley <debcooley1@gmail.com>
Cc: draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org; secdir@ietf.org; rtgwg@ietf.org
Subject: RE: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22

Deb,

The proposed scheme is for striking a balance between mitigating the complexity of managing many IPsec tunnels in a large-scale SD-WAN network and improving security. It is a compromise, specifically Section 5.1, for improving IPsec Tunnel Management.
How about we add the following paragraph to the Security consideration?

  *   Striking a balance between improved IPsec tunnel management outlined in this document and maintaining robust security is a delicate consideration. Simplifying the IPsec tunnel management to reduce management complexity for large SD-WAN networks might come with the inherent risk of decreased security. Careful consideration of the specific deployments, coupled with regular security assessments, is crucial to ensure the integrity and confidentiality of the transmitted data.

Please let us know if the change is acceptable.

Thank you,
Linda
From: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>
Sent: Wednesday, January 24, 2024 5:59 AM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Cc: draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org<mailto:draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>; secdir@ietf.org<mailto:secdir@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22

I will change my 'early review' to 'has issues'.

With respect to mitigations, it is impossible to tell if the proposed mitigations improve security.  The mitigations are documented in either expired I-Ds or individual I-Ds which have not been reviewed.

There are other sections that claim to be improvements (Section 5.1) which are clearly not security improvements.

Deb

On Wed, Jan 17, 2024 at 1:16 PM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
Deb,

Thanks for the quick confirmations of the resolutions to your comments.
I removed the ones that you have agreed.
For the remaining suggestions, please see the resolutions below in Purple.  If they are acceptable, we will upload the revision.
Can you please change your review status from “Not Ready” to “Ready”?

Thank you very much.

Linda

From: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>
Sent: Wednesday, January 17, 2024 4:57 AM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Cc: draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org<mailto:draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>; secdir@ietf.org<mailto:secdir@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22

Inline....

On Tue, Jan 16, 2024 at 3:53 PM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
Deb,

Thank you very much for the review comments.
Resolutions to your comments have been addressed in the following. Please let us know if you have more concerns.

Thank you,
Linda

From: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>
Sent: Thursday, January 11, 2024 6:55 AM
To: draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org<mailto:draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>
Cc: secdir@ietf.org<mailto:secdir@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22


old, I've attempted to clarify:  Section 5.1 para 2:  The discussion about the security risk of IPSec group encryption should be added to section 7 and at least needs to be mentioned as a risk.  Group keys are hard to securely distribute, and they must be handled securely by every party that holds them.
[Linda]  do you mean repeat the risks in Section 7 which is already discussed by Section 5.1?  or add the following bullet to Section 7’s security risks?

•         Group encryption solutions, which aim to scale IPsec key management, come with some security risks, such as single point of compromise, key distribution vulnerabilities, and authentication weaknesses, to name a few. Out of the scope of this document, more in-depth security risk analysis is needed for using group encryption solutions.

[Deb] please add the statemet to Section 7. Any group encryption, re-use of old keys, or other techniques used to help scale IPsec key management comes with security risk.
[Linda] Thanks for the suggested wording. How about changing the above bullet to the following?

·        Any group encryption, re-use of old keys, or other techniques used to help scale IPsec key management comes with security risks, such as single point of compromise, key distribution vulnerabilities, and authentication weaknesses, to name a few. Out of the scope of this document, more in-depth security risk analysis is needed for those techniques.

Section 5.1, paragraph 3:  The draft referenced here is expired and the security of the methods would have to be reviewed.  (that is listed in Section 7)
[Linda] It is Okay to have an expired draft in the “Informative References”.  I’ve seen many RFCs having expired drafts in their “Information References”.

Section 7 says “A full security evaluation will be needed before [SECURE-EVPN] can be recommended as a solution to some problems described in this document.” Is it good enough?

[Deb}  I will leave this to the WG to decide.  I just looks a little weird to my eyes (I spend a fair bit of time convincing customers that they shouldn't implement (or count on) something specified in an expired draft).

Section 5.1:  There are no improvements listed that don't impact security.  The section should be renamed.  Originally, this was called 'Scaling issues' vs 'Improvements'.

[Linda] This title was suggested by one of the reviewers, mainly to focus on analyzing methods that aim to  “improvement of IPsec Tunnels Management”.  Is this a major issue?

[Deb]  not a big deal, just misleading for the reader.  Maybe quantify why type of improvements are being suggested?  They definitely are not security improvements.
[Linda] Agree that they are not security improvements. They are the improvement techniques aiming to scale large number of IPsec tunnels management. Mainly for some deployment environment that can tolerate those security risks.

Section 5.2:  The draft referenced in this section is an individual draft, and again the security of the methods would have to be reviewed.
[Linda] It is okay to reference “individual draft” in the “Informational References”. How about we add a statement:
“The security risks of the proposed method need to be reviewed.”

[Deb]  and please add that statement to Section 7 with the other draft.
[Linda] Added the following:
A full security evaluation will be needed before [SECURE-EVPN] and [MULTI-SEG-SDWAN] can be recommended as a solution to some problems described in this document.

Deb Cooley

On Tue, Apr 25, 2023 at 11:21 AM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
Deb,

Can you elaborate some Security Consideration for the “group key management” that can be included in the Section 7?

Greatly appreciated.

Linda

From: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>
Sent: Tuesday, April 25, 2023 9:02 AM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Cc: secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org<mailto:draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22

I looked at version 26, and apologies for top posting.

Section 4, grammar:  done!

Section 4.3 para 3:  This seems to be better - no mention of MPLS, just private VPNs, which I think is suitably agnostic.

Section 5.1:   I certainly agree that N*N keys are unmanageable, but I do still think that group key management warrants a mention in Section 7.

Deb


On Mon, Apr 24, 2023 at 4:53 PM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
Deb,

Thank you for the additional comments.

Resolutions to your comments are inserted below:

Linda

From: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>
Sent: Thursday, April 20, 2023 9:44 AM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Cc: secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org<mailto:draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22


Apologies, it has been a busy week...I recognize that writing a draft like this is difficult.

My remaining concerns are:

Section 4, sentence 1:  Grammar - 'will be mixed of different' should be 'will

be a mix of different'.

This now says 'a mixed of different'.  Most definitely the smallest of nits.

[Linda] thanks for catching it.

New:  Section 4.3, para 3:  I am unfamiliar with MPLS VPNs, are they really 'more secure' than IPSec?  I can easily believe that they have better quality services, and may perform better.

[Linda] Section 4.3 has now changed “Extending Private VPNs to Hybrid Cloud DCs.”. Private VPNs, including private circuits, MPLS based VPN, use network service provider’s physical links/wavelengths. Their traffic running over Private VPNs don’t mix with Internet traffic. Therefore, more secure.



New:  Section 5.1:  The discussion about the security risk of IPSec group encryption should be added to section 7.



[Linda] Section 5.1 is about Scaling IPsec, instead of Pairwise Tunnels which needs N square number of tunnels, the draft suggest improvement.





Deb Cooley

On Fri, Apr 14, 2023 at 6:51 AM Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>> wrote:

I'm including my final set of comments.  I made the mistake of submitting the wrong version.  I've noted the ones you have addressed already in blue.  I apologize for the confusion.



I have reviewed this document as part of the security directorate's

ongoing effort to review all IETF documents being processed by the

IESG.  These comments were written primarily for the benefit of the

security area directors.  Document editors and WG chairs should treat

these comments just like any other last call comments.



Document: draft-ietf-rtgwg-net2cloud-problem-statement-22<https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-problem-statement/22/>

Reviewer: Deb Cooley

Review Date: 2023-04-06 (early review)



Please note that I know almost nothing about BGP, MPLS or routing.



The summary of the review is 'not ready'.



Section 3:  perhaps move this whole section to Section 7?  Sections 4, 5, and 6

seem like they should come before Section 3 anyway?



partially done (moved Section 3.5 to 7)



Section 3.1, para 1, sentence 2: Grammar: 'with more variety of parties' could

be 'with a larger variety of parties.'



Apologies, I meant this sentence:  'Cloud GWs need to peer with more variety of parties, via private circuits or IPsec over public internet.'





Section 3.1, para 2, sentence 2:  'IP tunnels', does this imply IPSec?  Or

something else?



done



Section 3.1, para 3:  By setting up default eBGP routes, these don't count as

routes from an external entity?  The rest of the paragraph addresses the

handling of exceeding the maximum route threshold?  But there appears to be an

option to keep the BGP session?  This paragraph is confusing.



done



Section 3.2, paragraph 2:  IGP?  AS?  I can't tell what this is trying to say.



done



Section 3.2, paragraph 3:  If there is a site failure, how is the Cloud GW

'running fine'?  Is this GW using a different site?  BFD expands to what?



done - I understand...



Section 3.2:  Para 1 states why a site might go down.  Para 2-6 outline the

routing (?) issues that occur when a site goes down. I think these could be

better organized.  Only the last para suggests mitigations.



I think most of this fits better into Section 7?



Section 3.3 I'm not an expert, but isn't this an issue to any routing scenario?

Can this be combined with Section 3.6?



ok



Section 3.4, para 3, item 1:  Is this a problem?  Or a feature?  If it is a

problem, can you say why?



done - this is better!



Section 3.6, last paragraph:  A globally unique name won't 'resolve the same

way from every perspective'?  Other than being restricted (previous paragraph),

what does this mean? If this is covered in the previous para, I would recommend

deleting the phrase.



fine



Section 4, sentence 1:  Grammar - 'will be mixed of different' should be 'will

be a mix of different'.



Section 4.2, para 2:  Use of a shared key in IPSec implies that IKE isn't used

(shared key was only possible with IKEv1 I believe, which is deprecated).  I

would remove the phrase 'using a shared key'.

On Wed, Apr 12, 2023 at 4:09 PM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
Deb,

We really appreciate your review and comments to the document. Please see below for the resolution to your comments.

Linda

-----Original Message-----
From: Deb Cooley <debcooley1@gmail.com<mailto:debcooley1@gmail.com>>
Sent: Sunday, April 9, 2023 6:28 AM
To: secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org<mailto:draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22

Note:  I hit ‘send’ too early, ugh.  Please see the comments on the datatracker for the correct version.

Deb Cooley

> On Apr 9, 2023, at 6:59 AM, Deb Cooley via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:
>
> Reviewer: Deb Cooley
> Review result: Not Ready
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> Document: draft-ietf-rtgwg-net2cloud-problem-statement-22
> Reviewer: Deb Cooley
> Review Date: 2023-04-06 (early review)
>
> Please note that I know almost nothing about BGP, MPLS or routing.
>
> The summary of the review is
>
> Section 3.1, para 1, sentence 2: Grammar: 'with more variety of
> parties' could be 'with a larger variety of parties.'
>
[Linda] Per RTGarea Director suggestion, the text has been changed to the following. Is it Okay with you?
Site failures include (but not limited to) a site capacity degradation or entire site going down. The reasons for these capacity degradations or failures can include: a) fiber cut for links connecting to the site or among pods within the site, b) cooling failures, c) insufficient backup power, d) cyber threat attacks, e) too many changes outside of the maintenance window, or other errors. Fiber-cut is not uncommon within a Cloud site or between sites.


> Section 3.1, para 2, sentence 2:  'IP tunnels', does this imply IPSec?
> Or something else?
>
[Linda] changed.

> Section 3.1, para 3:  By setting up default eBGP routes, these don't
> count as routes from an external entity?  The rest of the paragraph
> addresses the handling of exceeding the maximum route threshold?  But
> there appears to be an option to keep the BGP session?  This paragraph is confusing.
[Linda] The intent is to say:
When inbound routes exceed the maximum routes threshold for a peer, the current common practice is generating out of band alerts (e.g., Syslog) via management system to the peer, or terminating the BGP session (with cease notification messages [RFC 4486] being sent).  However, it would be useful if IETF can specify some in-band alert messages to indicate the inbound routes exceeding the threshold.
>
> Section 3.2, paragraph 2:  IGP?  AS?  I can't tell what this is trying to say.
>
[Linda] changed to domain.

> Section 3.2, paragraph 3:  If there is a site failure, how is the
> Cloud GW 'running fine'?  Is this GW using a different site?  BFD?
[Linda] Failures within a site like a fiber cut between two racks. So the GW is still running fine.

>
> Section 3.2:  Para 1 states why a site might go down.  Para 2-6
> outline the routing (?) issues that occur when a site goes down. I
> think these could be better organized.  Only the last para suggests mitigations.
[Linda] changed to the "Failures within a site".

>
> Section 3.3 I'm not an expert, but isn't this an issue to any routing scenario?
> Can this be combined with Section 3.6?
[Linda] Section 3.3 is to introduce the problem of multiple instances available at different sites for one service (such as using ANYCAST address). The site with the shortest distance might not be the optimal service instance as the site might be overloaded.
Section 3.6 is about DNS resolution at different sites.  .


>
> Section 3.4, para 3, item 1:  Is this a problem?  Or a feature?  If it
> is a problem, can you say why?
[Linda] Item 1 is meant to say:
The difference of routing distances to multiple server instances in different edge Cloud is relatively small. Therefore, the edge Cloud that is the closest doesn’t contribute much to the performance.

>
> Section 3.5:  I would suggest moving this to Section 7.  There are a
> couple of mitigations listed - anti-DDOS, DTLS, IPSec, monitoring.
>
[Linda] Good suggestion. Changed.

> Section 3.6, last paragraph:  A globally unique name won't 'resolve
> the same way from every perspective'?  Other than being restricted
> (previous paragraph), what does this mean? If this is covered in the
> previous para, I would recommend deleting the phrase.
>
[Linda] DNSOPS director insisted on adding this paragraph to empathize that not all globally unique names can be resolved.


> Stopped at Section 4.
>
>
>
> _______________________________________________
> secdir mailing list
> secdir@ietf.org<mailto:secdir@ietf.org>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww<https://www/>.
> ietf.org<http://ietf.org/>%2Fmailman%2Flistinfo%2Fsecdir&data=05%7C01%7Clinda.dunbar%40f
> uturewei.com<http://uturewei.com/>%7C07fbc4f2cc284e39624f08db38ed774e%7C0fee8ff2a3b240189c75
> 3a1d5591fedc%7C1%7C0%7C638166364798968574%7CUnknown%7CTWFpbGZsb3d8eyJW
> IjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%
> 7C%7C%7C&sdata=2SVXI%2BaoyU%2Bc4Aa8RRvb6BEQUIMmwTz%2BsqF6Z5o%2FnuU%3D&
> reserved=0
> wiki:
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac<https://trac/>
> .ietf.org<http://ietf.org/>%2Ftrac%2Fsec%2Fwiki%2FSecDirReview&data=05%7C01%7Clinda.dunb
> ar%40futurewei.com<http://40futurewei.com/>%7C07fbc4f2cc284e39624f08db38ed774e%7C0fee8ff2a3b240
> 189c753a1d5591fedc%7C1%7C0%7C638166364798968574%7CUnknown%7CTWFpbGZsb3
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> C3000%7C%7C%7C&sdata=vbmjW7gi%2BOgn9xbql5S4grf6NZayrZ%2B%2BgFYC3%2B0yK
> cE%3D&reserved=0

v2.23.0 | Report a Bug | By Email