Re: [secdir] comments on draft-irtf-rrg-recommendation-14

"Polk, William T." <william.polk@nist.gov> Fri, 29 October 2010 01:14 UTC

From: "Polk, William T." <william.polk@nist.gov>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Sandra Murphy <Sandra.Murphy@sparta.com>
Date: Thu, 28 Oct 2010 21:15:49 -0400
Thread-Topic: [secdir] comments on draft-irtf-rrg-recommendation-14
Message-ID: <C8EF9885.1F4B7%wpolk@nist.gov>
In-Reply-To: <4CC9E98D.1090804@cs.tcd.ie>
Cc: "tony.li@tony.li" <tony.li@tony.li>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] comments on draft-irtf-rrg-recommendation-14

Stephen,

We have not changed the process.  There was a tools error - the draft ended up on the agenda as an informational RFC on the IETF stream.  I actually pointed this out to the secretariat so that the document was moved to the right part of the agenda, but I did not notice that this document got assigned for a secdir review.  Sandy was diligent and did the review before the telechat.

We need to figure out why the tools error is occurring and get this corrected.  Adding a manual step for irtf stream filtering would be a real burden for Sam.

Thanks,

Tim


On 10/28/10 5:22 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

Not really for Sandy, more for the ADs/Sam W:

Why are we doing a secdir review of an IRTF draft? That's
not required by any process I know of (speaking as an IRTF
RG chair).

Unless maybe the RRG asked for it, in which case, ignore
this.

Otherwise we should try to filter the assignments for
irtf drafts since this is not the 1st time this has
happened. (Last time, I spotted it before someone did a
review.)

Ta,
Stephen.

On 28/10/10 18:27, Sandra Murphy wrote:
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors.  Document editors and WG chairs should treat these
> comments just like any other last call comments.
>
> I unfortunately was off-net for a few days and got to this assignment
> rather late.  The document is long and covers a broad swath of material
> and I was not able to cover it deeply.
>
> This document is a product of the rrg IRTF working group.  It summarizes
> 15 different proposals for a new routing and addressing architecture for
> the Internet, with short summaries, critiques and rebuttals for each,
> and gives a final recommendation to the IETF for future direction.
>
> With the breadth of scope of the document, there is no way for me to
> review each proposal's documents for security considerations.
>
> The security considerations of *this* document itself are quite terse:
>
> 20. Security Considerations
>
>    All solutions are required to provide security that is at least as
>    strong as the existing Internet routing and addressing architecture.
>
> Given the widely reported weakness of the "existing Internet routing and
> addressing architecture", this is a low bar indeed.  There are attempts
> in progress to attempt to improve the security of the Internet routing
> and addressing architecture.  I do not know what to suggest if these
> improvements leave the Internet with stronger security than is provided
> by these proposals.
>
> The summaries of the different proposals devote little attention to the
> infrastructure security ramifications of the proposal.  Given the stated
> goal, perhaps no attention was necessary.
>
> Many of these proposals include an encapsulation system, presenting the
> expected difficulties with end system authentication, filtering systems
> at boundaries, etc.  Some proposals addressed these concerns.  I am not
> sure if the security considerations section meant that the proposals
> were required to avoid weakening the end-host security protections
> already provided (ipsec, NAT, whatever).
>
> The rrg wg came to consensus that a fundamental architectural feature is
> a separation of locator and identifier for any node.  Many of the
> discussed alternatives include a mapping system that produces a locator
> for a given destination identifier.
>
> The mapping system would seem to be a very likely point of
> vulnerability, permitting traffic redirection for data exposure or
> blackholing, etc. Many proposals suggest a hierarchic architecture of
> the mapping system for scaling purposes.  I would presume that an
> authorization scheme for the mapping system would be essential, and that
> the hierarchy would be an important aspect of that scheme.  Of course, I
> can't tell much at this level of detail about how and if each proposal
> addresses this.  (One of the recommendations suggests communicating
> mapping info through bgp - I cannot say at this point whether the SIDR
> suggestions for improving bgp security would be applicable.)
>
> --Sandy
>
> Nits:
>
>    PMTUD  Path Maximum Transmission Unit Discovery: The process or
>       mechanism that determines the largest packet that can be sent
>       between a given source and destination with being either i)
>       fragmented (IPv4 only), or ii) discarded (if not fragmentable)
>       because it is too large to be sent down one link in the path from
>       the source to the destination.
>
> It should say "*without* being either", right?  A long sentence so I may
> have lost my place.
>
>
> Several of the comments start using terms that are part of the wg
> deliberations, I'm sure.  But it makes reading the discussions and
> critiques obtuse.  In particular, "Core-Edge Separation" and "Core-Edge
> Elimination" seems to be a well-understood concept in the wg.  It needs to
> be defined somewhere.  A web search found references in some conference
> papers and in rrg mailing lists.
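The review above names the identifier-to-locator mapping system as the likely point of vulnerability (redirection for data exposure or blackholing) and presumes that an authorization scheme built on the mapping hierarchy would be essential. The following Python example, added here and not part of the thread or of any RRG proposal, shows what such a check looks like: a mapping record is accepted only if its signature verifies *and* the signing authority holds the identifier's prefix through a chain of delegations that leads back to a trust anchor, in the same spirit as the SIDR origin-validation idea the reviewer mentions. All names, prefixes and keys are constructed; identifiers are modelled as IPv6 prefixes and locators as IPv4 addresses, and HMAC-SHA256 stands in for the asymmetric signatures a real deployment would use, so the verifier here simply holds every authority's key.

```python
"""Toy authorization check for a hierarchical identifier-to-locator mapping system.

Constructed illustration (not from draft-irtf-rrg-recommendation or the review):
identifiers are IPv6 prefixes, locators are IPv4 addresses, and authorities tag
records with HMAC-SHA256. The verifier holds every authority's key, which stands
in for the public keys a real system would distribute; what is demonstrated is
the authorization logic, not the signature primitive.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


def mac(key: bytes, *fields: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    data = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class Delegation:
    parent: str   # authority handing down the prefix
    child: str    # authority receiving it
    prefix: str   # identifier prefix being delegated
    tag: bytes    # MAC by the parent over (child, prefix)


@dataclass(frozen=True)
class Mapping:
    authority: str   # who asserts the mapping
    identifier: str  # identifier being mapped (a /128 here)
    locator: str     # where packets for that identifier should go
    tag: bytes       # MAC by the authority over (identifier, locator)


def sign_delegation(keys: Dict[str, bytes], parent: str, child: str, prefix: str) -> Delegation:
    return Delegation(parent, child, prefix, mac(keys[parent], child, prefix))


def sign_mapping(keys: Dict[str, bytes], authority: str, identifier: str, locator: str) -> Mapping:
    return Mapping(authority, identifier, locator, mac(keys[authority], identifier, locator))


def held_prefixes(authority: str, delegations: List[Delegation], keys: Dict[str, bytes],
                  anchor: str, anchor_prefixes: List[str],
                  visited: FrozenSet[str] = frozenset()) -> Set[ipaddress.IPv6Network]:
    """Prefixes `authority` legitimately controls: follow only delegations whose tag
    verifies and whose prefix lies inside what the parent itself holds, recursively
    back to the trust anchor. `visited` breaks self-issued or circular delegations."""
    if authority == anchor:
        return {ipaddress.ip_network(p) for p in anchor_prefixes}
    if authority in visited:
        return set()
    held: Set[ipaddress.IPv6Network] = set()
    for d in delegations:
        if d.child != authority or d.parent not in keys:
            continue
        if not hmac.compare_digest(d.tag, mac(keys[d.parent], d.child, d.prefix)):
            continue  # forged or tampered delegation record
        net = ipaddress.ip_network(d.prefix)
        parent_held = held_prefixes(d.parent, delegations, keys, anchor, anchor_prefixes,
                                    visited | {authority})
        if any(net.subnet_of(p) for p in parent_held):
            held.add(net)
    return held


def validate_mapping(m: Mapping, delegations: List[Delegation], keys: Dict[str, bytes],
                     anchor: str, anchor_prefixes: List[str]) -> str:
    """Return 'valid', 'bad-signature' or 'unauthorized' for one mapping record."""
    key = keys.get(m.authority)
    if key is None or not hmac.compare_digest(m.tag, mac(key, m.identifier, m.locator)):
        return "bad-signature"
    ident = ipaddress.ip_network(m.identifier)
    held = held_prefixes(m.authority, delegations, keys, anchor, anchor_prefixes)
    if not any(ident.subnet_of(p) for p in held):
        return "unauthorized"  # correctly signed, but the signer does not hold this prefix
    return "valid"


def resolve(identifier: str, mappings: List[Mapping], delegations: List[Delegation],
            keys: Dict[str, bytes], anchor: str, anchor_prefixes: List[str]) -> Optional[str]:
    """Locator from the first mapping that passes validation; None if none does."""
    for m in mappings:
        if m.identifier == identifier and \
                validate_mapping(m, delegations, keys, anchor, anchor_prefixes) == "valid":
            return m.locator
    return None


def demo():
    # Constructed hierarchy: ROOT holds 2001:db8::/32, delegates a /48 to ISP-A,
    # which delegates a /64 to Site-X. "Rogue" has a key but no chain to ROOT.
    keys = {"ROOT": b"root-key", "ISP-A": b"isp-a-key",
            "Site-X": b"site-x-key", "Rogue": b"rogue-key"}
    anchor_prefixes = ["2001:db8::/32"]
    delegations = [
        sign_delegation(keys, "ROOT", "ISP-A", "2001:db8:1::/48"),
        sign_delegation(keys, "ISP-A", "Site-X", "2001:db8:1:10::/64"),
        sign_delegation(keys, "Rogue", "Rogue", "2001:db8:1:10::/64"),  # self-issued, worthless
    ]
    good = sign_mapping(keys, "Site-X", "2001:db8:1:10::5/128", "198.51.100.7")
    redirect = sign_mapping(keys, "Rogue", "2001:db8:1:10::5/128", "203.0.113.9")
    overreach = sign_mapping(keys, "ISP-A", "2001:db8:2::1/128", "198.51.100.8")
    tampered = Mapping(good.authority, good.identifier, "203.0.113.9", good.tag)
    cases = {"good": good, "redirect": redirect, "overreach": overreach, "tampered": tampered}
    results = {n: validate_mapping(m, delegations, keys, "ROOT", anchor_prefixes)
               for n, m in cases.items()}
    locator = resolve("2001:db8:1:10::5/128", [redirect, tampered, good],
                      delegations, keys, "ROOT", anchor_prefixes)
    return results, locator


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the reviewer raises: a signature alone does not stop redirection, because an attacker with any key can sign a mapping for someone else's identifier; it is the hierarchy check (the signer must hold the prefix through a verified delegation chain from the anchor) that rejects the redirect and the over-reaching ISP record, while the tampered record fails on the signature itself.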