IETF Logo Mail Archive

Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-05

Lou Berger <lberger@labn.net> Mon, 16 March 2020 11:29 UTC

Return-Path: <lberger@labn.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D1683A2312 for <secdir@ietfa.amsl.com>; Mon, 16 Mar 2020 04:29:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.362
X-Spam-Level:
X-Spam-Status: No, score=-3.362 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-1.463, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ofHCX6kNX9B5 for <secdir@ietfa.amsl.com>; Mon, 16 Mar 2020 04:29:49 -0700 (PDT)
Received: from gproxy7-pub.mail.unifiedlayer.com (gproxy7-pub.mail.unifiedlayer.com [70.40.196.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB9843A2315 for <secdir@ietf.org>; Mon, 16 Mar 2020 04:29:48 -0700 (PDT)
Received: from CMGW (unknown [10.9.0.13]) by gproxy7.mail.unifiedlayer.com (Postfix) with ESMTP id 938E1215EDE for <secdir@ietf.org>; Mon, 16 Mar 2020 05:29:46 -0600 (MDT)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id DnwIjc40gtoKZDnwIjK67e; Mon, 16 Mar 2020 05:29:46 -0600
X-Authority-Reason: nr=8
X-Authority-Analysis: v=2.2 cv=Qrsu5R6d c=1 sm=1 tr=0 a=h1BC+oY+fLhyFmnTBx92Jg==:117 a=h1BC+oY+fLhyFmnTBx92Jg==:17 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=SS2py6AdgQ4A:10 a=Vy_oeq2dmq0A:10 a=pGLkceISAAAA:8 a=wU2YTnxGAAAA:8 a=48vgC7mUAAAA:8 a=Cqp5pYgmsLkxk-JPjJQA:9 a=PoGEmgZM-z0fy8Kv:21 a=uxxTjkePg4vJ2kl6:21 a=QEXdDO2ut3YA:10 a=Yz9wTY_ffGCQnEDHKrcv:22 a=w1C3t2QeGrPiZgrLijVG:22
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject: References:In-Reply-To:Message-ID:Date:CC:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=OIl2O9lwocrQeUdoZ9JNGm/oahCwRHwgpBUzGrQxx7c=; b=vwTlzRIo7CJNI6Ewjyu7KQd89r tIb4FuO5/3doHRrkPhgqybFyAY+fMH79UimB6rgUzlWBgY/YDivLPG9vRvuV+fVjhYMRq7DntwS4Z ftUVoYd9ja+8LPXc2bKkGanCW;
Received: from pool-72-66-11-201.washdc.fios.verizon.net ([72.66.11.201]:48460 helo=[11.5.0.140]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <lberger@labn.net>) id 1jDnwI-002goz-51; Mon, 16 Mar 2020 05:29:46 -0600
From: Lou Berger <lberger@labn.net>
To: Stewart Bryant <stewart.bryant@gmail.com>
CC: secdir <secdir@ietf.org>, rtg-ads@ietf.org, draft-ietf-detnet-mpls.all@ietf.org, sec-ads@ietf.org, DetNet WG <detnet@ietf.org>
Date: Mon, 16 Mar 2020 07:29:46 -0400
Message-ID: <170e31b5c10.277b.9b4188e636579690ba6c69f2c8a0f1fd@labn.net>
In-Reply-To: <7A5A9066-7877-402A-9704-AD83AF4FD3D0@gmail.com>
References: <4834047a-838c-9f4c-96cb-c9486c16826a@labn.net> <1EAC1CA8-82B2-4D2E-89D5-3562DA1CCC4B@mit.edu> <7A5A9066-7877-402A-9704-AD83AF4FD3D0@gmail.com>
User-Agent: AquaMail/1.22.0-1511 (build: 102200004)
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 72.66.11.201
X-Source-L: No
X-Exim-ID: 1jDnwI-002goz-51
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-72-66-11-201.washdc.fios.verizon.net ([11.5.0.140]) [72.66.11.201]:48460
X-Source-Auth: lberger@labn.net
X-Email-Count: 6
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6Mso6r-lYh7tIWIG7V4ScBdrC4Q>
Subject: Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2020 11:29:52 -0000

Stewart,

I think a number of your responses are actually more general than mpls and 
have to do with how routers and routing protocols are built. these concepts 
that are now generally taught in classes, not rfcs...

Lou


----------
On March 16, 2020 6:34:54 AM Stewart Bryant <stewart.bryant@gmail.com> wrote:

> Uri,
>
> That is a ridiculous position, and you flippancy demonstrates that.
>
> This technology fundamentally rests on MPLS and it is reasonable that the 
> reader of this RFC will understand MPLS and the security model it uses 
> before they implement or deploy it. Indeed I cannot think of any 
> implementor or operator that would not already have that knowledge before 
> taking on the task of building or running DN over MPLS.
>
> If SecDir reviews are to retain any credibility as expert reviews as 
> opposed to Genart random reader reviews they have to be carried out with 
> shared knowledge of both the security area and the draft’s host area.
>
> I have been thinking for some time that there needs to be a fundamental 
> review of the security review process.
>
> Stewart
>
>> On 15 Mar 2020, at 22:44, Uri Blumenthal <uri@mit.edu> wrote:
>> 
>> I say yes - unless you expect a person who wants just one RFC to have to 
>> read every cr^h^h stuff that came out of the routing area.
>> 
>> "Just do it"
>> 
>> 
>>> On Mar 15, 2020, at 17:39, Lou Berger <lberger@labn.net> wrote:
>>> 
>>> 
>>>> On 3/15/2020 5:22 PM, Watson Ladd wrote:
>>>>> On Sun, Mar 15, 2020 at 2:14 PM Lou Berger <lberger@labn.net> wrote:
>>>>> Hi Watson,
>>>>> 
>>>>>     I think Stewart's response really covers the main points. DetNet is
>>>>> really just MPLS (and IP) with some specific forwarding behaviors and
>>>>> queuing.  The only thing I'd add, is I see DetNet in general as a
>>>>> specific form of policy based routing. (The general form of which is
>>>>> pretty much as old as IP).
>>>> Then Stewart can put those points in the security considerations
>>>> section. What's the disadvantage of doing so?
>>> 
>>> At one level, it would be easiest for the authors to just put these in.  On 
>>> the other hand, this would mean that every RFC produced in the routing area 
>>> will acquire similar notes, e.g., routing protocols are currently built 
>>> with a chain of trust model.  Is this what the sec-dir really is asking the 
>>> routing area to do?
>>> 
>>> ADs,
>>> 
>>>    any opinion on this?     (for context, Stewart's response can be found at: 
>>>    https://mailarchive.ietf.org/arch/msg/detnet/-epL5Fb6bFIUltMrjH53C2316ZA/)
>>> 
>>> Thanks,
>>> 
>>> Lou
>>> 
>>>>> Lou
>>>>> 
>>>>> On 3/12/2020 9:35 PM, Watson Ladd wrote:
>>>>>> On Thu, Mar 12, 2020 at 4:07 AM Lou Berger <lberger@labn.net> wrote:
>>>>>>> Watson,
>>>>>>> 
>>>>>>> Can you provide context here? Can you be explicit on what you see needs to
>>>>>>> be addressed (beyond what is in this document as well as related rfcs)?
>>>>>> You have to talk about how the layers interact, and can't just say the
>>>>>> lower level handles anything without any guide as to what needs to be
>>>>>> provided by that lower layer.
>>>>>> 
>>>>>> I think my concerns about the assumptions this could be fixed by
>>>>>> saying. "All nodes are trusted and any of them can misbehave in ways
>>>>>> that affect the network.  If the MPLS layer cannot provide sufficient
>>>>>> determinism, then the DetNet mechanisms won't work".  I agree we
>>>>>> shoudn't require an entire massive security framework to be quoted
>>>>>> again here, but there must be some details of this embedding that are
>>>>>> worth noting, and yet I don't see them called out in the security
>>>>>> considerations section.
>>>>>> 
>>>>>> Are there really no specific concerns about the interaction between
>>>>>> DetNet and MPLS?
>>>>>> 
>>>>>>> Thank you,
>>>>>>> Lou
>>>>>>> 
>>>>>>> 
>>>>>>> ----------
>>>>>>> On March 11, 2020 10:30:27 PM Watson Ladd <watsonbladd@gmail.com> wrote:
>>>>>>> 
>>>>>>>> I don't see any reason why RFC 3552's guidelines shoudn't apply to this draft.
>>>>>>>> 
>>>>>>>> If there is a MPLS exception I'd like to see the rules that should be applied.
>>>>>>>> 
>>>>>>>> As is I don't see any reason why the assumptions can't be explicitly
>>>>>>>> spelled out, either in the Security Considerations or elsewhere.
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> detnet mailing list
>>>>>>>> detnet@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/detnet
>>>>>>>> 
>>>> 
>>>> 
>>> 
>>> _______________________________________________
>>> secdir mailing list
>>> secdir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/secdir
>>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>
> _______________________________________________
> detnet mailing list
> detnet@ietf.org
> https://www.ietf.org/mailman/listinfo/detnet

v2.23.0 | Report a Bug | By Email