RE: [EXTERNAL] Re: [secdir] Secdir early review of draft-ietf-rtgwg-atn-bgp-12
"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Mon, 24 January 2022 14:47 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F4683A0C46; Mon, 24 Jan 2022 06:47:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9lTvwObKWZiL; Mon, 24 Jan 2022 06:47:04 -0800 (PST)
Received: from clt-mbsout-02.mbs.boeing.net (clt-mbsout-02.mbs.boeing.net [130.76.144.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BFEA3A0C50; Mon, 24 Jan 2022 06:47:02 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 20OEl07e009870; Mon, 24 Jan 2022 09:47:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1643035621; bh=aq07PyQWDSlMVP2pEIB0qVpIGYLcD4lnPFIvZ9muAb4=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=IRqwML9Jbx0S/nMBeUJ0/3qQKUJ3t8q1xke5TyFV97tt9mFXIABNy+3WFsuL38Cp3 imFhvGFMvqtR3Ud+7YFUnTOgzRWm71GTBPXJyoOAux+rrb5H+BNYGsa2RfdO8K5c89 z/74E/NBmAYoxmQFS91N99tAKPLLnk4/5LLSFWtDS/vGwhQ79dNFLQdjnX5bVwAzj3 CB9u+ySaocU1HbQnvCn/EeETek7Tu6S8oyc1CU4MQcGvCOEN8fNp67kYfKP2vmgUQD XXeC831+JbjbkYGQRmhsVrRAnXse7dsi99Nd7tGWZiS2mVQ5xq1M9v+f4LzsNGadDx 3jKfRvNB/8RGQ==
Received: from XCH16-07-12.nos.boeing.com (xch16-07-12.nos.boeing.com [144.115.66.114]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 20OEkx6m009849 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 24 Jan 2022 09:46:59 -0500
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-12.nos.boeing.com (144.115.66.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.12; Mon, 24 Jan 2022 06:46:58 -0800
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.2375.012; Mon, 24 Jan 2022 06:46:58 -0800
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: Russ Housley <housley@vigilsec.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-rtgwg-atn-bgp.all@ietf.org" <draft-ietf-rtgwg-atn-bgp.all@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Subject: RE: [EXTERNAL] Re: [secdir] Secdir early review of draft-ietf-rtgwg-atn-bgp-12
Thread-Topic: [EXTERNAL] Re: [secdir] Secdir early review of draft-ietf-rtgwg-atn-bgp-12
Thread-Index: AdgNUUF0Fob7JpUjROSHMPSnLTWArAC/pfAAADghfeA=
Date: Mon, 24 Jan 2022 14:46:58 +0000
Message-ID: <6735491d155b4e319ab8f55e738b32ad@boeing.com>
References: <c10062dd0ac24e1f8a8e00175c54eee6@boeing.com> <20220123035334.GI11486@mit.edu>
In-Reply-To: <20220123035334.GI11486@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: ECD38418F0DDCA94A3380F31DF91D9CE7DC8345A18BAD64ADDE9DE8FD22761102000:8
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/K7FGxFzUk1di2SVq3SFHVnfLnKQ>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2022 14:47:10 -0000
Hi Ben, > -----Original Message----- > From: Benjamin Kaduk [mailto:kaduk@mit.edu] > Sent: Saturday, January 22, 2022 7:54 PM > To: Templin (US), Fred L <Fred.L.Templin@boeing.com> > Cc: Russ Housley <housley@vigilsec.com>; secdir@ietf.org; draft-ietf-rtgwg-atn-bgp.all@ietf.org; rtgwg@ietf.org > Subject: [EXTERNAL] Re: [secdir] Secdir early review of draft-ietf-rtgwg-atn-bgp-12 > > EXT email: be mindful of links/attachments. > > > > On Wed, Jan 19, 2022 at 04:53:20PM +0000, Templin (US), Fred L wrote: > > > > > -----Original Message----- > > > From: rtgwg [mailto:rtgwg-bounces@ietf.org] On Behalf Of Russ Housley via Datatracker > > > Sent: Tuesday, January 18, 2022 2:22 PM > > > To: secdir@ietf.org > > > Cc: draft-ietf-rtgwg-atn-bgp.all@ietf.org; rtgwg@ietf.org > > > Subject: Secdir early review of draft-ietf-rtgwg-atn-bgp-12 > > > > [...] > > > Section 5 says: "...tunnels packets directly between Proxys ...". > > > Are these IPsec tunnels? I am trying to fully understand when the > > > tunnels require IPsec (or some other security protocol) and when they > > > do not. > > > > This is a good point. We want to establish an environment where security > > tunneling is used to protect only control messages and BGP protocol > > messages while unsecured tunneling is used to convey data plane packets > > when higher-layer security is used end-to-end. Again, more words may > > help clarify. > > Without looking too hard at the specifics of this draft's situation, as a > general statement, knowing that higher-layer security is used end-to-end is > hard to 100% reliably determine, and the cost of getting it wrong can be > very high. As a general design pattern, having multiple layers of crypto > that aim to protect different aspects of the traffic is perfectly fine, and > in some cases actually required in order to get the needed properties. > If the only tunnel available is a secure tunnel, then you don't have to > worry about getting the decision wrong. > > Looking at the specific scenario in §5, it is not a direct analogue of the > scenario I describe, but I would caution against being too eager to discard > the certainty of always having a secure tunnel. The security goal for lower layers is to protect routing information and control plane messages that affect routing. For that, secured tunnels serve the purpose well. In the data plane, it is no different than the way the public Internet works. Secured transactions like online banking are conducted over the public Internet all the time without requiring a secured tunnel at the network layer, since the upper layers set up their own security associations. Requiring a secured tunnel at the network layer even for data plane transactions would interfere with route optimization and really defeat the purpose of what we are trying to accomplish here. Thanks - Fred > -Ben
- Secdir early review of draft-ietf-rtgwg-atn-bgp-12 Russ Housley via Datatracker
- RE: Secdir early review of draft-ietf-rtgwg-atn-b… Templin (US), Fred L
- Re: Secdir early review of draft-ietf-rtgwg-atn-b… Russ Housley
- Re: Secdir early review of draft-ietf-rtgwg-atn-b… Templin (US), Fred L
- Re: Secdir early review of draft-ietf-rtgwg-atn-b… Russ Housley
- Re: Secdir early review of draft-ietf-rtgwg-atn-b… Templin (US), Fred L
- Re: Secdir early review of draft-ietf-rtgwg-atn-b… Russ Housley
- Re: [secdir] Secdir early review of draft-ietf-rt… Benjamin Kaduk
- RE: [EXTERNAL] Re: [secdir] Secdir early review o… Templin (US), Fred L