Re: [secdir] Security directorate review of draft-ietf-tcpm-yang-tcp-06
"Scharf, Michael" <Michael.Scharf@hs-esslingen.de> Fri, 17 June 2022 09:13 UTC
Return-Path: <Michael.Scharf@hs-esslingen.de>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C12CC15AAE6; Fri, 17 Jun 2022 02:13:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hs-esslingen.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f3k4OcfItO_K; Fri, 17 Jun 2022 02:13:32 -0700 (PDT)
Received: from mail.hs-esslingen.de (mail.hs-esslingen.de [134.108.32.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 491CAC1527AF; Fri, 17 Jun 2022 02:13:32 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.hs-esslingen.de (Postfix) with ESMTP id 15BFE25A2B; Fri, 17 Jun 2022 11:13:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hs-esslingen.de; s=mail; t=1655457210; bh=VeHjneRxzlRC1xSiReYgaIu8S83UB7OXdjCpTZ6fpXo=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=o3yRrkuzGIl4UZOvm3l3M9Rbq4B+nXHsOQfgru4wN+lIJhWlpn32l+s7uOr0yVLyN hiSnM62aGyaCmFGQ5PFKVulPoOchL/nhEgOfOhJkk1GJO5ch3WVl3TI6gOadN+zfTH pdEaLjozpvqYRgyj/XybMEP44oYXh0WDH/bA8LFw=
X-Virus-Scanned: by amavisd-new-2.7.1 (20120429) (Debian) at hs-esslingen.de
Received: from mail.hs-esslingen.de ([127.0.0.1]) by localhost (hs-esslingen.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xpLTDwsFPnkD; Fri, 17 Jun 2022 11:13:28 +0200 (CEST)
Received: from rznt8201.rznt.rzdir.fht-esslingen.de (rznt8201.hs-esslingen.de [134.108.48.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.hs-esslingen.de (Postfix) with ESMTPS; Fri, 17 Jun 2022 11:13:28 +0200 (CEST)
Received: from rznt8202.rznt.rzdir.fht-esslingen.de (134.108.48.165) by rznt8201.rznt.rzdir.fht-esslingen.de (134.108.48.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.28; Fri, 17 Jun 2022 11:13:28 +0200
Received: from rznt8202.rznt.rzdir.fht-esslingen.de ([fe80::aca4:171a:3ee1:57e0]) by rznt8202.rznt.rzdir.fht-esslingen.de ([fe80::aca4:171a:3ee1:57e0%3]) with mapi id 15.01.2375.028; Fri, 17 Jun 2022 11:13:28 +0200
From: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>
To: Hilarie Orman <hilarie@purplestreak.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-tcpm-yang-tcp.all@ietf.org" <draft-ietf-tcpm-yang-tcp.all@ietf.org>
Thread-Topic: Security directorate review of draft-ietf-tcpm-yang-tcp-06
Thread-Index: AQHYLmdvJJJJrTpm906GpBnOhpDhia1T9REw
Date: Fri, 17 Jun 2022 09:13:28 +0000
Message-ID: <eb92eedeeb6e4be3b75c190ae1927341@hs-esslingen.de>
References: <202203021856.222Iukla026216@rumpleteazer.rhmr.com>
In-Reply-To: <202203021856.222Iukla026216@rumpleteazer.rhmr.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [134.108.140.249]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/BnjVJ7_IgN7mSNaGi3H2ujVYvn0>
Subject: Re: [secdir] Security directorate review of draft-ietf-tcpm-yang-tcp-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2022 09:13:36 -0000
Hi Hilarie, Thanks a lot for this review. We have changed the wording regarding TCP-AO to be more explicit that TCP-AO is only required if TCP authentication is required (i.e., not IPsec or TLS). The suggested wording is now: Given an installed base, the model also allows enabling of the legacy TCP MD5 [RFC2385] signature option. The TCP MD5 signature option was obsoleted by TCP-AO in 2010. If current implementations require TCP authentication, it is RECOMMENDED to use TCP-AO TCP-AO [RFC5925]. The lack of authentication failure statistics is indeed a good catch. Yet, I believe that authentication failure statistics could be modeled generically for several security protocols, i.e., they may not be specific to TCP-AO. As a result, an alternative approach might be a generic YANG model for such statistics, which could hopefully be used by TCP-AO implementations as well. Yet, the TCPM WG would not be the right place for specifying such a more widely applicable statistics model. Version -07 tries to address also other IETF last call reviews and thus includes several changes. Please have a look at the new version (https://datatracker.ietf.org/doc/html/draft-ietf-tcpm-yang-tcp-07) or the diff (https://www.ietf.org/rfcdiff?url2=draft-ietf-tcpm-yang-tcp-07) and let us know if more is needed. Best regards Michael > -----Original Message----- > From: Hilarie Orman <hilarie@purplestreak.com> > Sent: Wednesday, March 2, 2022 7:57 PM > To: iesg@ietf.org; secdir@ietf.org > Cc: draft-ietf-tcpm-yang-tcp.all@ietf.org > Subject: Security directorate review of draft-ietf-tcpm-yang-tcp-06 > > Security review of > A YANG Model for Transmission Control Protocol (TCP) Configuration > draft-ietf-tcpm-yang-tcp-06 > > Do not be alarmed. I generated this review of this document as part > of the security directorate's ongoing effort to review all IETF > documents being processed by the IESG. These comments were written > with the intent of improving security requirements and considerations > in IETF drafts. Comments not addressed in last call may be included > in AD reviews during the IESG review. Document editors and WG chairs > should treat these comments just like any other last call comments. > > The abstract: > This document specifies a minimal YANG model for TCP on devices that > are configured by network management protocols. The YANG model > defines a container for all TCP connections and groupings of > authentication parameters that can be imported and used in TCP > implementations or by other models that need to configure TCP > parameters. The model also includes basic TCP statistics. > > This is a well-written document that brings up a troubling issue, the > outdated use of a keyed hash for authentication in TCP. The fact that > there is such an option seems to be an expediency introduced long ago. > Originally, the hash algorithm was MD5, which made sense at the time. > Apparently that has become deeply embedded in network infrastructure. > Although the Authentication Option was later updated to include a > better hash algorithm, the unfortunate choice was SHA-1. Both MD5 and > SHA-1 are considered "broken". > > The keyed hash with MD5 or SHA-1 might be justified as "better than > nothing" or "good enough for our use cases", but it has the effect of > forcing two bad hash algorithms to reside permanently in the code base > for network management. There are security efforts to move to > post-quantum cryptography and a quantum Internet, yet the oldest and > most unsuitable cryptographic algorithms seem set in stone. It is as > though one looked into an ALU with a microscope and found a tiny > abacus etched into the silicon for backwards compatibility. > > >From a security standpoint, it would be best if the YANG TCP document > were to recommend strongly against using TCP authentication no matter > what the hash algorithm is. The recommended security solution is to > use IPSec or TLS to secure connections. > > In the event that TCP authentication remains in YANG, I note that > there are no statistics kept for authentication failures. If a shared > key falls out of synch, the statistics might help detect that. > > Hilarie >
- [secdir] Security directorate review of draft-iet… Hilarie Orman
- Re: [secdir] Security directorate review of draft… Scharf, Michael