Re: [secdir] (Security sections) SecDir and AppsDir review of draft-ietf-storm-iscsi-cons-06

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 11 October 2012 11:38 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5B021F8704; Thu, 11 Oct 2012 04:38:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.358
X-Spam-Level:
X-Spam-Status: No, score=-102.358 tagged_above=-999 required=5 tests=[AWL=0.241, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OQNw-a15qP42; Thu, 11 Oct 2012 04:38:20 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 174ED21F8703; Thu, 11 Oct 2012 04:38:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1349955499; d=isode.com; s=selector; i=@isode.com; bh=H4yBC1AvjkWtm4vNGYqyAG6h+p4A/PLQhex1JDfhLso=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=KaR1dqFmi+DgjPtFfWhRaHQU9btSxX53kjnpJQCU6zx9GI3cj6NNJI8xuJkHo7cQQmD9tx nsOVxxbh2rbmO/3LghJ948OEuPS/fRXViPF8k4ac4q7Dyqzhc9fkuEdyQrVoSyrc6zTr+W rznMiubyV0NRXXBRX7tT2cJEA/jZkEo=;
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250]) by waldorf.isode.com (submission channel) via TCP with ESMTPA id <UHavqgB4nj9m@waldorf.isode.com>; Thu, 11 Oct 2012 12:38:19 +0100
Message-ID: <5076AFB0.5020102@isode.com>
Date: Thu, 11 Oct 2012 12:38:24 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: "Black, David" <david.black@emc.com>
References: <E160851FCED17643AE5F53B5D4D0783A4C411CA2@BL2PRD0610MB361.namprd06.prod.outlook.com> <8D3D17ACE214DC429325B2B98F3AE7120DF11D8F@MX15A.corp.emc.com>
In-Reply-To: <8D3D17ACE214DC429325B2B98F3AE7120DF11D8F@MX15A.corp.emc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Mallikarjun Chadalapaka <cbm@chadalapaka.com>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-storm-iscsi-cons.all@tools.ietf.org" <draft-ietf-storm-iscsi-cons.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] (Security sections) SecDir and AppsDir review of draft-ietf-storm-iscsi-cons-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2012 11:38:21 -0000

Hi David,

On 09/10/2012 17:14, Black, David wrote:
>> Hi Alexey, here are the responses to your comments specific to security
>> sections of iSCSI consolidated draft - actually, I am deferring mostly to
>> Julian and David who are better suited than me to comment on this area, :-)
> That would be my cue ... inline ...
>
>>> In 9.3.1:
>>>
>>> - HMAC-SHA1 MUST be implemented [RFC2404].
>>>
>>> RFC 2404 seems to define HMAC-SHA-1-96, not HMAC-SHA1.
>> [Mallikarjun:] That is true. I do not know the reason for this citing.
>> Julian/David?
>>
>> I also found it interesting that the abstract for 2404 itself does not use the
>> "96" qualifier.
> IPsec uses HMAC-SHA1 with its output truncated to 96 bits.  HMAC-SHA1 was
> used here as being a more recognizable algorithm name, but the specific
> requirements of RFC 2404 do apply.  Here's some revised text that handles
> both concerns:
>
>   - HMAC-SHA1 MUST be implemented in the specific form of HMAC-SHA-1-96 [RFC2404].

I like this. Thanks.

>>> 9.3.2. Confidentiality
>>>
>>>     The NULL encryption algorithm MUST also be implemented.
>>>
>>> I find it odd that the section talks about how weak DES is and then
>>> requires NULL encryption to be supported. What is the reason for this?
>>   [Mallikarjun:] IIRC, I *think* this was because we wanted implementations to
>> be able to use the authentication/MAC of IPSec suite, without forcing them
>> always to use encryption. David, can you please add/correct?
> Mallikarjun is basically correct, but there's more to explain.
>
> The NULL encryption algorithm is needed to allow use of ESP for authentication
> (cryptographic integrity) without encryption.  This is often preferred to AH
> for that purpose, especially in hardware implementations.

Ok.

>>> 9.3.3. Policy, Security Associations, and Cryptographic Key
>>>           Management
>>>
>>>        - When digital signatures are used to achieve authentication,
>>>          an IKE negotiator SHOULD use IKE Certificate Request
>>>          Payload(s) to specify the certificate authority. IKE
>>>          negotiators SHOULD check the pertinent Certificate
>>>          Revocation List (CRL) before accepting a PKI certificate for
>>>          use in IKE authentication procedures.
>>>
>>> What are the reasons for these requirements being SHOULD level (as
>>> opposed to MUST level)?
> There are environments in which a small number of certificates are statically
> configured as trust anchors in which these mechanisms may not be needed.

I think mentioning this would be useful.

>>>     - The following identification type requirements apply to IKEv1.
>>>       ID_IPV4_ADDR, ID_IPV6_ADDR (if the protocol stack supports
>>>       IPv6) and ID_FQDN Identification Types MUST be supported;
>>>       ID_USER_FQDN SHOULD be supported. The IP Subnet, IP Address
>>>       Range, ID_DER_ASN1_DN, and ID_DER_ASN1_GN Identification Types
>>>       SHOULD NOT be used. The ID_KEY_ID Identification Type MUST NOT
>>>       be used.
>>>
>>> It would be good to know the reason for the last SHOULD NOT and the last
>>> MUST NOT.
>>   [Mallikarjun:] I will defer to Julian and David on these.
> Sure ... this was done back in RFC 3270 and is being carried forward
> from there (i.e., none of these requirements are new).
>
> IP Subnet and IP Address Range are too broad to usefully identify an
> iSCSI endpoint, hence they are "SHOULD NOT".
>
> The _DN and _GN types are X.500 identities; unless one is a PKI
> expert, the better approach is usually to use subjectAltName.
> The primary reason for the "SHOULD NOT" was to warn those who
> are not PKI experts away from X.500 identities.
>
> ID_KEY_ID is not interoperable as specified in RFC 2407
> ("opaque byte stream which may be used to pass vendor-specific
> information"), hence they are "MUST NOT".
>
> Should explanatory text for these be added to the draft?

I think this would be useful. It might also help you with revising the 
document in the future.