IETF Logo Mail Archive

Re: [secdir] Secdir last call review of draft-ietf-rtgwg-net2cloud-problem-statement-36

Deb Cooley <debcooley1@gmail.com> Mon, 18 March 2024 13:23 UTC

Return-Path: <debcooley1@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79DB3C151985; Mon, 18 Mar 2024 06:23:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.857
X-Spam-Level:
X-Spam-Status: No, score=-6.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DBUQCOmoGrk3; Mon, 18 Mar 2024 06:23:54 -0700 (PDT)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1E2AC151710; Mon, 18 Mar 2024 06:23:54 -0700 (PDT)
Received: by mail-il1-x130.google.com with SMTP id e9e14a558f8ab-3668cdfc771so18839265ab.2; Mon, 18 Mar 2024 06:23:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710768234; x=1711373034; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4YkavpcFIE3pRisD0STXn12b94+ZTwbkg13QAW+YFbA=; b=R7qEF7OvYYOhau1mTYQWzoQ4ZJB3nKubYX2Kzjx7kG7yeQc0GlgtAu2HbvtK0Tck+c OFv766LDxAwMCBWBkKaU7qH9mhi57jtMCUg/Yn+dzjY0/3bwWcaiAM1038Z7nzjXe9WH A1qY3xNH7/5bJ4JH2/2mbJYF72L2AA7UtHqafe5Y7lbC+IfJraKZvSYK3W8xubLjxz1c TCtWhah7R3Q+SpqKviprxgye4mz87u3BgVG7AkPMvcgtZJUQnQlY0fMWXHCDzpfVkjBm R7P1lmhGFb6SNK8n01BwgU2sb4RzvVwO7o6pdVkblruEQUMcBgr8aytUNyKPRQ5il4eB dR0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710768234; x=1711373034; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4YkavpcFIE3pRisD0STXn12b94+ZTwbkg13QAW+YFbA=; b=Ucz8S0/6zl5atWU1t6DzEoZFiFxSrgycbxffQiIpndZsvrrGeiiyNSnuy08WmAmU5Q 0AokMGGK3S1sSh/S2Au5XOyyiei8RZ4Z5Oe8Z/lu7DD0fj7zIc4z/kWohetzKMKchuo1 +Bfzug7JMSw1QTESDI7+0hkD+rV6kzIm/XPW/NwyNjo3XkU0MZOTAwwpgencZwgY4vnV 6OqA4ZYg4dwe71ys86I8hCQyfkeBsD3ifw+fGSW723bsSaTCK/F3805y3TUzbu+TESDC N6Iw81oO+SJqpSgkgFQqSeug4/18Tees+mHnnRVXZK3MkPO4QXlrpnp5dD/TAmrSbpRo TWvg==
X-Forwarded-Encrypted: i=1; AJvYcCU+JNQNgS8t93qxPkiK7EqQZAfQZxwiyY4iToFTFN2NJ0uZaDVD1I7IUv4+ZzUYPPx94SMb0CUapA+HuvoJDcyoDBv22kUKj9RMIzxSfSatWimXcrvrV++gyjzd9+X+Jv4ZGX0Kbgy5qg/gpOb2lUI/T4HcbB4wPX14
X-Gm-Message-State: AOJu0YxeaHQrtKhLFu97qAARieGNa0263FaIrcC1Me10DzJ1pFNTtcAf L7j0/Q7TWF/g1rncTPCcb41oNKuLYbX6eKyX49yD/UKx/b0ESolzBHjUzKHgrC43oEyjpacNyTI 2WG3ADYtPmfVl9UlmRo/v7PWJ0JmESA3brQ==
X-Google-Smtp-Source: AGHT+IH4z8imUuYd2GQUheX1qn2CdwJY1SYN/pSCm07ESFvCTqdqObVR4o+RxrCwGWNDybaoP1VNMBDn8F9CqXiYdwk=
X-Received: by 2002:a05:6e02:6cd:b0:366:6bc6:8b4e with SMTP id p13-20020a056e0206cd00b003666bc68b4emr10261794ils.32.1710768233754; Mon, 18 Mar 2024 06:23:53 -0700 (PDT)
MIME-Version: 1.0
References: <170929516566.22050.4912794500698236384@ietfa.amsl.com> <CO1PR13MB49202C23241E301DB62DEE9085222@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1Of_3KuOpg4G9Pf0N4Qm-g+a0ymrVUV36Q0RY93gc-9Tfg@mail.gmail.com>
In-Reply-To: <CAGgd1Of_3KuOpg4G9Pf0N4Qm-g+a0ymrVUV36Q0RY93gc-9Tfg@mail.gmail.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Mon, 18 Mar 2024 09:23:41 -0400
Message-ID: <CAGgd1Oev+UPzLCpf+m+sKUt55KoDXX89gxfhdzqi057Avr51sA@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org" <draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ddb9cb0613ef447a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/CR1c3pg93satiS72I2rOV9zhKv8>
Subject: Re: [secdir] Secdir last call review of draft-ietf-rtgwg-net2cloud-problem-statement-36
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 13:23:55 -0000

Here is my review update for
draft-ietf-rtgwg-net2cloud-problem-statement-37:

I will update my review in the datatracker.

original comments (in black), updates (in blue)

1.  Section 5.1, paragraph 2:  Certainly the principles and assumptions of
RFC 4535* would apply to any group key management situation (note the word
change from 'group encryption' to 'group key management').  The specific
protocol addressed by that RFC isn't being used here (even though they
mention ISAKMP). How about something like this:

"The group key management protocol documented in [RFC4535] outlines the
relevant security risks for any group key management system in Section 3
(Security Considerations).  While this particular protocol isn't being
suggested, the drawbacks and risks of group key management are still
relevant."

done.

2.  Section 5.1, paragraph 3:  The draft referenced here is expired and the
security of the methods would have to be reviewed.  (that is listed in
Section 7)

The expired draft has been replaced with another draft.  The security of
the methods would have to be reviewed.  Please list that in Section 7.

3.  Section 5.2:  The draft referenced in this section is (currently) an
individual draft, and again the security of the methods would have to be
reviewed. (I see that WG adoption has been requested, and the draft is
listed in Section 7).

This is just a note to the WG - no action required as long as the WG agrees.

4.  Section 5.2, para 2:  nit:  Please spell out SRH and VxLAN.

done.

5.  Section 7, second to last bullet:  Please see my comments on Section
5.1.  I would use the words 'group key management' vice 'group
encryption'.  It is the key management of a group system that is tricky and
problematic, not the actual encryption per se. Something like this perhaps:

"Group key management comes with security risks such as:  keys being used
too long, single points of compromise (one compromise affects the whole
group), key distribution vulnerabilities, key generation vulnerabilities,
to name a few.  [RFC4535] outlines the security risks in Section 3
(Security Considerations).  While this specific protocol isn't being
suggested the risks and vulnerabilities apply to any group key management
system."

done with a nit:  There are two sentences which are basically repeats of
each other, they should be streamlined into a single sentence.  If it
doesn't get edited out, the remaining 'group key encryption' phrase should
be changed to 'group key management'.

6.  Section 7, last bullet:  Change 'improved IPsec tunnel management' to
'scaling IPsec tunnel management' to match the heading for Section 5.1.

done

7.  Note:  there are at least 3 expired drafts referenced as informational
by this draft (1 of them is suggested as security improvements).  It looks
unusual to my eye.  Again, either the WG or the IESG should weigh in.

Again, just a note to the working group:  The expired draft referenced as a
security improvement has been replaced with a different draft.  Other
expired drafts and personal drafts still remain.



On Tue, Mar 5, 2024 at 6:19 AM Deb Cooley <debcooley1@gmail.com> wrote:

> These are fine resolutions.  I'll check the draft once the publication
> window opens again.
>
> Deb
>
> On Mon, Mar 4, 2024 at 8:05 PM Linda Dunbar <linda.dunbar@futurewei.com>
> wrote:
>
>> Deb,
>>
>> Thank you very much for the second review and the comments.
>> The detailed resolutions are inserted below.
>>
>> Linda
>>
>> -----Original Message-----
>> From: Deb Cooley via Datatracker <noreply@ietf.org>
>> Sent: Friday, March 1, 2024 6:13 AM
>> To: secdir@ietf.org
>> Cc: draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org;
>> rtgwg@ietf.org
>> Subject: Secdir last call review of
>> draft-ietf-rtgwg-net2cloud-problem-statement-36
>>
>> Reviewer: Deb Cooley
>> Review result: Has Issues
>>
>> Reviewer: Deb Cooley
>>
>> Review result: Has Issues
>>
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the IESG.
>> These comments were written primarily for the benefit of the security area
>> directors.
>> Document editors and WG chairs should treat these comments just like any
>> other last call comments.
>>
>> Document: draft-ietf-rtgwg-net2cloud-problem-statement-36
>>
>> Reviewer: Deb Cooley
>>
>> Review Date: 2024-03-01 (sort of last call)
>>
>> The summary of the review is:
>>
>> 1.  Section 5.1, paragraph 2:  Certainly the principles and assumptions
>> of RFC
>> 4535* would apply to any group key management situation (note the word
>> change from 'group encryption' to 'group key management').  The specific
>> protocol addressed by that RFC isn't being used here (even though they
>> mention ISAKMP).
>> How about something like this:
>>
>> "The group key management protocol documented in [RFC4535] outlines the
>> relevant security risks for any group key management system in Section 3
>> (Security Considerations).  While this particular protocol isn't being
>> suggested, the drawbacks and risks of group key management are still
>> relevant."
>> [Linda] Thank you very much for the suggested wording. Changed in v-37
>>
>> 2.  Section 5.1, paragraph 3:  The draft referenced here is expired and
>> the security of the methods would have to be reviewed.  (that is listed in
>> Section
>> 7)
>> [Linda] removed the reference to SECURE-EVPN as the draft authors seem
>> not eager to move the draft forward.
>>
>> 3.  Section 5.2:  The draft referenced in this section is (currently) an
>> individual draft, and again the security of the methods would have to be
>> reviewed. (I see that WG adoption has been requested, and the draft is
>> listed in Section 7).
>> [Linda] Is it Okay?
>>
>> 4.  Section 5.2, para 2:  nit:  Please spell out SRH and VxLAN.
>> [Linda] added.
>>
>>
>> 5.  Section 7, second to last bullet:  Please see my comments on Section
>> 5.1.
>> I would use the words 'group key management' vice 'group encryption'.  It
>> is the key management of a group system that is tricky and problematic, not
>> the actual encryption per se. Something like this perhaps:
>>
>> "Group key management comes with security risks such as:  keys being used
>> too long, single points of compromise (one compromise affects the whole
>> group), key distribution vulnerabilities, key generation vulnerabilities,
>> to name a few.
>> [RFC4535] outlines the security risks in Section 3 (Security
>> Considerations).
>> While this specific protocol isn't being suggested the risks and
>> vulnerabilities apply to any group key management system."
>> [Linda] Thank you very much for the suggested wording. Changed in v-37.
>>
>> 6.  Section 7, last bullet:  Change 'improved IPsec tunnel management' to
>> 'scaling IPsec tunnel management' to match the heading for Section 5.1.
>> [Linda] Changed.
>>
>> 7.  Note:  there are at least 3 expired drafts referenced as
>> informational by this draft (1 of them is suggested as a security
>> improvement).  It looks unusual to my eye.  Again, either the WG or the
>> IESG should weigh in.
>> [Linda] all updated.
>>
>> * RFC 4535: Thanks for that blast from the past, it has been decades
>> since  I've seen some of those authors names.
>>
>>
>>
>>
>>
>

v2.23.0 | Report a Bug | By Email