[secdir] Re: Secdir last call review of draft-ietf-mops-treedn-04

Leonard Giuliano <lenny@juniper.net> Fri, 12 July 2024 02:58 UTC

Date: Thu, 11 Jul 2024 19:58:14 -0700
From: Leonard Giuliano <lenny@juniper.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <171440147936.51938.15814933407749997561@ietfa.amsl.com>
Message-ID: <51b92ff2-d6bb-fa2f-e608-a9bb61da681a@juniper.net>
References: <171440147936.51938.15814933407749997561@ietfa.amsl.com>
CC: secdir@ietf.org, draft-ietf-mops-treedn.all@ietf.org, last-call@ietf.org, mops@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/H4ZtDbgOV5RGpiVnMnOmUT9RS2Q>

Stephen- thank you for the thoughtful review.  We have updated the draft 
based on your feedback.  In particular, we added section 8 to describe 
several TreeDN deployments to provide some more concrete details on 
real-world deployments.  Please let us know if the latest revision 
addresses your concerns.  A diff can be found here:

https://author-tools.ietf.org/iddiff?url1=draft-ietf-mops-treedn-04&url2=draft-ietf-mops-treedn-05&difftype=--html

Further comments inline:

On Mon, 29 Apr 2024, Stephen Farrell via Datatracker wrote:

| 
| Reviewer: Stephen Farrell
| Review result: Has Issues
| 
| The draft describes TreeDN, a scheme for using AMT (automatic multicast
| tunnelling) to overcome issues with IP multicast. Overall, the ideas appear
| sound enough, esp. for an informational/overview document, but I did see a few
| issues that probably ought to be fixed before publication. (They should be easily
| fixed though.)
| 
| - The security considerations section needs to refer to the security
| considerations of RFC7450 (AMT) and also really ought to include some analysis of
| how esp. the potential DoS issues described there might (or do not) affect uses
| such as broadcasting large-scale sports events.

Explicitly called out the security considerations of RFC7450 and how they 
apply to TreeDN.

| 
| - I only had a quick look at RFC7450 but if the anycast IP of the AMT
| relay tends to identify the kind of content (whether a specific event, or some
| kind of "TV channel" equivalent), then TreeDN may have a privacy issue that
| perhaps wouldn't have been as much appreciated when RFC7450 was being
| developed. (And certainly wasn't when the -00 that became RFC7450 was
| started:-) In other contexts we're starting to be much more sensitive to such
| issues and those also deserve consideration here, e.g. adding some text to the
| effect that if the AMT gateway is associated with a mobile-device/home/person,
| then the privacy issue exists (that a n/w observer can know e.g. the time, the
| g/w and relay IPs and base inferences on those) and maybe something like MASQUE
| would be an appropriate way to improve matters. (I'd not expect a document like
| this to provide solutions there, but it is important to recognise such issues
| as early as possible I think.)

The IP address of the relay is probably far less of a concern from a 
confidentiality perspective than the receiving host/gw, as IGMP/MLD 
certainly could be used to associate particular content with an end user.  
Added explicit mention of this in the security considerations.

| 
| - There's a conflict between the kind of sales/marketing text claiming (without
| references) that TreeDN is super-good, and the arm-waving in section 7.3 that
| says that there are loads of (unspecified) ways to distribute keys to
| authorized clients. Given the lack of references to e.g. things deployed
| following the TreeDN approach and stats as to how much those deployments
| actually improved things, I guess a way to handle this would be to tone down
| the sales/marketing text and just say that TreeDN is a neat idea and that
| deploying it would need some TBD way to distribute keys to authorized
| receivers. Or else maybe add the references that back up the sales/marketing
| claims and then point to how some of those deployments did key distribution. (*)

Added description of three real-world deployments in sect 8 to provide 
more concrete examples of how TreeDN is being used today.

| 
| (*) Apologies if this point is made a little bluntly, but my antennae fire when
| I read lots of text like "the TreeDN architecture is ideal for..." with zero
| backup via references;-)

Removed the word "ideal"