Re: [secdir] Secdir review of draft-ietf-pals-p2mp-pw-03
Stewart Bryant <stewart.bryant@gmail.com> Thu, 31 August 2017 11:50 UTC
Return-Path: <stewart.bryant@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77221132D66; Thu, 31 Aug 2017 04:50:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IIy2UYfFb6er; Thu, 31 Aug 2017 04:50:57 -0700 (PDT)
Received: from mail-wr0-x244.google.com (mail-wr0-x244.google.com [IPv6:2a00:1450:400c:c0c::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F34F132D56; Thu, 31 Aug 2017 04:50:56 -0700 (PDT)
Received: by mail-wr0-x244.google.com with SMTP id z91so312527wrc.1; Thu, 31 Aug 2017 04:50:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=IojoS93a5TXRrky61mZENVkR/mQVSy/CNiuTPOKWrMA=; b=n99ItV50/nvLG9xNUQkfud/8Ti4dVN08EMfYFBXsf9DxrnTARoH1hq1wjt31hdy6S8 07xnOSA5SNXeRPnR+x3SH55wytOCMAVFsUThE7D9H4VPChbIR3OjixSXle8hEtSeCFRy eauSryf7MwslUf54XM9Q2Bl4wV8FN3gtzYT2nOPpSIA6ps21rIDvNvkz7a3vO5MAQGWz sd9OpW1Jwp5sZOdig4/BYa9vjFMyec5Dw7D4xlWVy0PpnQwVv0md9n+psoNyeXLFy4lY vvDP/zRNXn6Wq7YbVMCoJhfGgWetj1Gol4lCiua9HFbfveH292n3ACWrxui1D9LI9Ypt m5ew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=IojoS93a5TXRrky61mZENVkR/mQVSy/CNiuTPOKWrMA=; b=pTraKf48EAAfXPKQVzoIN7H6hIuJajvvb3zYFCMrtAR2wChCTuIgPf4gCWfDbwrTSE RVOB6qomr6GjedkyRfblIypGZgVLrXiP2oCtYdUHTYK2xg5cq8bHlxzqm7H9u7ko6wv4 edyoCTBIv3MDKsJerFsKQ38IQplb/2Iyk2PTbjeuV0qOKIMrRim0Shst1fjOu7tHS9bU EUfNHriUS4sL9oKJgou+gWc7gMmeUZ8d0mj7U6hlaEgTEjEO6HNSSdpyznYilvXA4ek0 yvaUbkDE4z2etXR/ZHUIl9mxISFsJ1yr5j8PNpLuQN0hawulnwP/gP7yEMVVFwnG949u g5JA==
X-Gm-Message-State: AHYfb5gw/Ra0IRP8jayA4a5Lm6V7+6YxNEXw9IkofdK3KlamyHrbwNio wm3c5Kx/GUT/LQ==
X-Google-Smtp-Source: ADKCNb6zGDtVG7OHtwgYW4+zKqIb5+sFGtGIpyZPfL0m4hg31R7TZg3ArAffmZT7XPhdnkHepJTYKw==
X-Received: by 10.223.134.240 with SMTP id 45mr3529558wry.49.1504180254993; Thu, 31 Aug 2017 04:50:54 -0700 (PDT)
Received: from [192.168.2.126] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id 6sm6607234wre.0.2017.08.31.04.50.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Aug 2017 04:50:54 -0700 (PDT)
To: Tero Kivinen <kivinen@iki.fi>
Cc: iesg@ietf.org, secdir@ietf.org, draft-ietf-pals-p2mp-pw.all@tools.ietf.org, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, "pals-chairs@tools.ietf.org" <pals-chairs@tools.ietf.org>
References: <201708270627.v7R6RLjk004141@fireball.acr.fi> <aed969e4-31be-cf77-8bbe-598f0407c4f3@gmail.com> <201708280757.v7S7vZxH028695@fireball.acr.fi>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <29b3a151-0a79-d2f0-c051-35396010e2c6@gmail.com>
Date: Thu, 31 Aug 2017 12:50:51 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <201708280757.v7S7vZxH028695@fireball.acr.fi>
Content-Type: multipart/alternative; boundary="------------6A6C156384623AEE55035A9D"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4-HzfS0hrWHeDqF8OvOPK8K_3X0>
Subject: Re: [secdir] Secdir review of draft-ietf-pals-p2mp-pw-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 11:50:59 -0000
How about if we changed the security text to something of the form: In general the security measures described in [RFC4447bis <https://tools.ietf.org/html/draft-ietf-pals-p2mp-pw-03#ref-RFC4447bis>] are adequate for this protocol. However the use of MD5 as the method of securing an LDP control plane is no longer considered adequately secure. Implementations should be written in such a way that they can migrate to a more secure cryptographic hash function when that function is agreed as the new default hash for LDP. - Stewart (speaking as Shepherd) On 28/08/2017 08:57, Tero Kivinen wrote: > Stewart Bryant writes: >> Tero >> >> Thank you for your comment. >> >> I believe that it if wrong to hold this document hostage to a security >> issue that applies to a major MPLS protocol widely used throughout the >> Internet. > I agree on that, but I think the text claiming "security is adequate" > in the security considerations section is also wrong, so it should be > fixed to include note explaining what you explained below: > >> The right way to address the problem is via an update to the security of >> LDP (in the MPLS WG) and have that specification update the RFCs that >> use LDP. >> >> If an attacker were able to use the vulnerability in MD5 as a vector to >> attack LDP, I doubt that this relatively low key aspect of pseudowires >> would be their first priority. > I.e., current security is using MD5, which is not considered safe, but > this document will be able to use the better security mechanisms when > they are defined, and there are better targets to attack if attacker > is able to break MD5 based security... > >> Regards >> >> - Stewart >> >> >> On 27/08/2017 07:27, Tero Kivinen wrote: >>> I have reviewed this document as part of the security directorate's >>> ongoing effort to review all IETF documents being processed by the >>> IESG. These comments were written primarily for the benefit of the >>> security area directors. Document editors and WG chairs should treat >>> these comments just like any other last call comments. >>> >>> This document describes the mechanims to signal point-to-multipoint >>> pseudowires using LDP. The security considerations section simply >>> points to the RFC4447bis (i.e., RFC8077) saying that security >>> mechanisms described there are adequate. >>> >>> On the other hand RFC8077, says that LDP MD5 authentication key option >>> as described in the section 2.9 of RFC5036 MUST be implemented. The >>> section 2.9 of RFC5036 describes TCP MD5 signature option for LDP. >>> This might have been adequate security for some protocol in 2007 (when >>> RFC5036 was published, altought MD5 was already then known to be >>> broken), but it IS NOT adequate security in 2017. >>> >>> I understand that this document is not really the one supposed to >>> update the security option for the LDP, but there is >>> draft-ijln-mpls-rfc5036bis which is moving LDP to internet standard >>> still trying to keep the same broken MD5 based security in it. I think >>> this document should include note saying, that security of the RFC5036 >>> is no longer adequate for any use because it uses broken security >>> protocol, but there is nothing better out there yet (or is there, I do >>> not know enough of the LDP to know that), and perhaps point to the >>> rfc5036bis also in hopes that it might some day fix the security of >>> the LDP. >>> >>> I think this document (or whole PW and LDP system) has issues that >>> needs to be fixed before it can be published.
- [secdir] Secdir review of draft-ietf-pals-p2mp-pw… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-pals-p2m… Stewart Bryant
- Re: [secdir] Secdir review of draft-ietf-pals-p2m… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-pals-p2m… Stewart Bryant
- Re: [secdir] Secdir review of draft-ietf-pals-p2m… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-pals-p2m… Sami Boutros