Re: [secdir] Secdir review of draft-ietf-ccamp-gmpls-ether-svcs
Paul Hoffman <phoffman@imc.org> Wed, 17 February 2010 16:49 UTC
Return-Path: <phoffman@imc.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 304AC3A7D2E for <secdir@core3.amsl.com>; Wed, 17 Feb 2010 08:49:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.746
X-Spam-Level:
X-Spam-Status: No, score=-4.746 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uwr88cQOYd3h for <secdir@core3.amsl.com>; Wed, 17 Feb 2010 08:49:56 -0800 (PST)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 377B23A7B89 for <secdir@ietf.org>; Wed, 17 Feb 2010 08:49:56 -0800 (PST)
Received: from [10.20.30.158] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id o1HGcSPj088804 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 17 Feb 2010 09:38:29 -0700 (MST) (envelope-from phoffman@imc.org)
Mime-Version: 1.0
Message-Id: <p06240857c7a1caf6d177@[10.20.30.158]>
In-Reply-To: <3D3F33B1A4BB48FE84F8C39B90A29785@your029b8cecfe>
References: <p0624084fc7a0f5f984a3@[10.20.30.158]> <3D3F33B1A4BB48FE84F8C39B90A29785@your029b8cecfe>
Date: Wed, 17 Feb 2010 08:38:26 -0800
To: Adrian Farrel <Adrian.Farrel@huawei.com>, Paul Hoffman <paul.hoffman@vpnc.org>, secdir@ietf.org, draft-ietf-ccamp-gmpls-ether-svcs.all@tools.ietf.org
From: Paul Hoffman <phoffman@imc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-gmpls-ether-svcs
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Feb 2010 16:49:57 -0000
At 12:06 PM +0000 2/17/10, Adrian Farrel wrote: >Hi Paul, > >Thanks for the review. > >Off-topic of the draft, I think, you say... > >>RFC 3473 is GMPLS signalling with RSVP-TE. RSVP has hop-by-hop integrity protection >>that is often used in real-world deployments; no privacy is assumed in the signalling. However, >>RSVP-TE introduces non-hop-by-hop notifications that are adopted by draft-ietf-ccamp- >>gmpls-ether-svcs. Unlike the rest of RSVP-TE, those notifications have no integrity protection >>unless that operators run the protocol under a security service like IPsec > >I am not sure why you make this assertion. >The GMPLS Notification message is open to all of the security features available in RSVP-TE. Right, I said that. >It is true that Notification messages can be sent using "non-adjacent signaling" which would require the existence of security peerings between non-adjacent nodes. This can be achieved by group keying, but peer keying need not be so arduous in most use cases. Having looked again, I don't see how group keying achieves non-hop-by-hop security. You would need to combine group keying with guarantees that every hop uses the same key. I don't see where that guarantee is specified, but I could have missed it. >But an alternative mechanism for delivery of Notification messages is defined in RFC3473 where the messages are forwarded hop-by-hop within RSVP-TE. This enables the use of the normal RSVP-TE security model. We agree there. What I am saying is that the "normal RSVP-TE security model" does not actually provide end-to-end notification integrity. If I'm wrong about that, I'm happy to correct my assertion.
- [secdir] Secdir review of draft-ietf-ccamp-gmpls-… Paul Hoffman
- Re: [secdir] Secdir review of draft-ietf-ccamp-gm… Adrian Farrel
- Re: [secdir] Secdir review of draft-ietf-ccamp-gm… Paul Hoffman