[secdir] Re: Secdir last call review of draft-ietf-pim-3810bis-10
Brian Haberman <brian@innovationslab.net> Mon, 03 June 2024 14:17 UTC
To: Valery Smyslov <valery@smyslov.net>, secdir@ietf.org
CC: draft-ietf-pim-3810bis.all@ietf.org, last-call@ietf.org, pim@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1dcwqHIvC8npJpddDAKTMAeb2IY>
Hi Valery,

Thanks for the comments. I think we need to have a discussion as to how much of the below details to include given the history of multicast traffic. For example:

- The multi-destination model of multicast makes it very difficult to provide any kind of confidentiality for multicast control traffic flowing from routers to hosts.
- The use of link-local multicast destination addresses (from link-local unicast addresses or even no source address) for signaling from hosts to routers precludes the use of crypto to prevent message forgery.

Looking for guidance from the SEC ADs on how to proceed with the below suggestions.

Regards,
Brian

On 5/29/24 4:43 AM, Valery Smyslov via Datatracker wrote:
> Reviewer: Valery Smyslov
> Review result: Has Issues
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area directors.
> Document editors and WG chairs should treat these comments just like any other
> last call comments.
>
> The document describes the Multicast Listener Discovery protocol version 2
> (MLDv2) for IPv6. This protocol allows IPv6 routers to discover the presence of
> multicast listeners on directly attached links, and to discover which multicast
> addresses are of interest to these listeners. The draft is well written and
> easy to understand. There are a few issues, though, that relate to the security
> of the protocol.
>
> I think that the Security Considerations section should be expanded and be
> rewritten in a more structured way. In particular, it should be mentioned that
> the protocol lacks any cryptographic protection, thus its messages are not
> authenticated, provide no confidentiality and can be replayed. Then I would
> discuss the consequences of each of these deficiencies.
>
> The lack of replay protection seems to have no effect on the protocol security,
> because it is (at least it should be) designed so that it tolerates IP packet
> duplication (correct me if I'm wrong, I read the protocol itself briefly, but
> this was my impression).
>
> The lack of authentication leads to possible message forgery. The corresponding
> attacks are described in the draft, however, I'm not sure that the list is
> complete. For example, it seems to me that a forged Current State Report message
> from a malicious node may report a large number of faked listening multicast
> addresses, aiming to consume the router's resources (a kind of DoS attack).
>
> The lack of confidentiality is not discussed in the draft. In fact, it leads to
> privacy issues - any passive attacker on the local link can learn what
> multicast addresses other nodes are listening to, which may be quite sensitive
> information.
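Two points in the exchange above lend themselves to a concrete illustration: Brian's observation that host-to-router MLDv2 signaling comes from link-local or unspecified source addresses, so no cryptographic sender check is available, and Valery's concern that a forged Report listing a large number of multicast addresses can consume router resources. The following Python sketch is an added example, not part of this thread or of draft-ietf-pim-3810bis. It parses the Version 2 Multicast Listener Report wire format as laid out in RFC 3810 (ICMPv6 type 143, a record count, and per-record type, aux data length, source count and multicast address) and models a router-side listener table that applies the two non-cryptographic defences a router still has: dropping Reports whose source address is not link-local or unspecified, and capping the number of groups tracked per reporting host while logging when the cap is hit. `ListenerState`, `MAX_GROUPS_PER_HOST`, `build_report` and the sample Reports are constructed for this example; the cap is a policy choice, not something the draft specifies.

```python
import ipaddress
import struct
from collections import defaultdict

# ICMPv6 type of the Version 2 Multicast Listener Report (RFC 3810).
MLDV2_REPORT_TYPE = 143
# Multicast Address Record type CHANGE_TO_EXCLUDE_MODE (RFC 3810), i.e. "join this group".
CHANGE_TO_EXCLUDE_MODE = 4
# Hypothetical policy knob, not from the draft: how many groups a router tracks per host.
MAX_GROUPS_PER_HOST = 64


def parse_mldv2_report(payload: bytes) -> list:
    """Parse the ICMPv6 payload of an MLDv2 Report and return the multicast
    addresses carried in its Multicast Address Records.

    Wire layout (RFC 3810): Type(1) Code(1) Checksum(2) Reserved(2)
    Nr of Mcast Address Records(2); each record is Record Type(1)
    Aux Data Len(1) Number of Sources(2) Multicast Address(16),
    Source Address(16) * Number of Sources, Aux Data(4 * Aux Data Len).
    Every length field is checked before it is used so a crafted count
    cannot make the parser read past the buffer.
    """
    if len(payload) < 8:
        raise ValueError("truncated MLDv2 header")
    msg_type, _code, _csum, _resv, nrec = struct.unpack("!BBHHH", payload[:8])
    if msg_type != MLDV2_REPORT_TYPE:
        raise ValueError("not an MLDv2 Report (ICMPv6 type %d)" % msg_type)
    off, groups = 8, []
    for _ in range(nrec):
        if len(payload) < off + 20:
            raise ValueError("truncated Multicast Address Record")
        _rtype, aux_len, nsrc = struct.unpack("!BBH", payload[off:off + 4])
        addr = ipaddress.IPv6Address(payload[off + 4:off + 20])
        if not addr.is_multicast:
            raise ValueError("record carries non-multicast address %s" % addr)
        off += 20 + 16 * nsrc + 4 * aux_len
        if off > len(payload):
            raise ValueError("record overruns payload")
        groups.append(addr)
    return groups


def build_report(groups) -> bytes:
    """Construct a minimal MLDv2 Report (no sources, no aux data) for the
    sample traffic below; the checksum is left zero as it is not verified here."""
    body = struct.pack("!BBHHH", MLDV2_REPORT_TYPE, 0, 0, 0, len(groups))
    for g in groups:
        body += struct.pack("!BBH", CHANGE_TO_EXCLUDE_MODE, 0, 0)
        body += ipaddress.IPv6Address(g).packed
    return body


class ListenerState:
    """Router-side listener table for one link with a per-host group cap.
    The cap and the alert log are a constructed mitigation, not part of MLDv2."""

    def __init__(self, max_groups_per_host=MAX_GROUPS_PER_HOST):
        self.max = max_groups_per_host
        self.by_host = defaultdict(set)   # reporting source -> set of groups
        self.alerts = []                  # detection records for the operator

    def process(self, src: str, payload: bytes) -> int:
        """Apply one Report from source address src; return the number of records accepted."""
        src_addr = ipaddress.IPv6Address(src)
        # The only sender check available without cryptography: RFC 3810 requires
        # Reports to be sent from a link-local or the unspecified (::) address,
        # so anything else is dropped and logged rather than installed.
        if not (src_addr.is_link_local or src_addr.is_unspecified):
            self.alerts.append("dropped Report with non-link-local source %s" % src)
            return 0
        groups = parse_mldv2_report(payload)
        known = self.by_host[src_addr]
        accepted = dropped = 0
        for g in groups:
            if g in known or len(known) < self.max:
                known.add(g)        # new group installed, or existing membership refreshed
                accepted += 1
            else:
                dropped += 1        # over the cap: ignore rather than grow state unboundedly
        if dropped:
            self.alerts.append(
                "host %s exceeded %d groups; %d records ignored" % (src, self.max, dropped))
        return accepted


# Constructed sample traffic: a normal host Report, a Report listing 200 groups
# at once, and a Report from a global (non-link-local) source address.
NORMAL_GROUPS = ["ff02::16", "ff02::1:ff00:1", "ff05::101"]
FLOOD_GROUPS = ["ff3e::%x" % i for i in range(1, 201)]


def run_demo():
    state = ListenerState()
    normal = state.process("fe80::1", build_report(NORMAL_GROUPS))
    flood = state.process("fe80::1", build_report(FLOOD_GROUPS))
    bogus = state.process("2001:db8::1", build_report(NORMAL_GROUPS))
    tracked = len(state.by_host[ipaddress.IPv6Address("fe80::1")])
    return normal, flood, bogus, tracked, state.alerts


if __name__ == "__main__":
    print(run_demo())
```

One limitation worth noting: Reports sent from the unspecified address all land under the single `::` key, so the per-host cap degenerates into a per-link cap for those senders; a real implementation would key the table on the link-layer source instead, which is also the only stable identifier available when the IPv6 source is absent.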