Re: [secdir] Security review of draft-ietf-teas-sr-rsvp-coexistence-rec-02
Harish Sitaraman <hsitaraman@juniper.net> Thu, 26 April 2018 13:42 UTC
Return-Path: <hsitaraman@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B360B12422F; Thu, 26 Apr 2018 06:42:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YDVbRSSPho1p; Thu, 26 Apr 2018 06:42:08 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1EC91201F8; Thu, 26 Apr 2018 06:42:08 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w3QDekx1027665; Thu, 26 Apr 2018 06:42:08 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=+8V5Rsp00TGVMae2xVb4FfORqn7Qj9FmDeDI9lrJSY0=; b=UddoJfM+2gaxEbhInroghB+JHqc3d74lrkubF+uwfljyEb84UL3oBGTiXTylj7swg4YM V3+DW/+qNIkfSJKjsR9yip9JGDGkMVhBGlQ3/JKcAprwnmrqxOQuT9EouDUI5f0HB3tD RfeX5jpsQYGCyvYnEUv4goPWfUYZy60K6Fy6pOKvHw4szQukdADtwJV7TNklUNpZzQb+ vfpmSitKXRxLQl+lux6sQ+E3iEPmL+BYnxqaz3lE/5ve8EDRDLH0U9X2p/vKhpenISGt TtlhLPguAnCb+/6hLSd3x1UmbGlBAsqEYtXHr8/3XI0sgLAFpXwDZEwye6xiF9P3IxCA Lw==
Received: from nam02-bl2-obe.outbound.protection.outlook.com (mail-bl2nam02lp0087.outbound.protection.outlook.com [207.46.163.87]) by mx0a-00273201.pphosted.com with ESMTP id 2hkchhgahk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 26 Apr 2018 06:42:08 -0700
Received: from BN7PR05MB3923.namprd05.prod.outlook.com (52.132.216.10) by BN7PR05MB4579.namprd05.prod.outlook.com (52.135.249.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.715.13; Thu, 26 Apr 2018 13:42:05 +0000
Received: from BN7PR05MB3923.namprd05.prod.outlook.com ([fe80::6580:763:8d31:8cf]) by BN7PR05MB3923.namprd05.prod.outlook.com ([fe80::6580:763:8d31:8cf%13]) with mapi id 15.20.0715.014; Thu, 26 Apr 2018 13:42:05 +0000
From: Harish Sitaraman <hsitaraman@juniper.net>
To: Hilarie Orman <hilarie@purplestreak.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-teas-sr-rsvp-coexistence-rec.all@tools.ietf.org" <draft-ietf-teas-sr-rsvp-coexistence-rec.all@tools.ietf.org>
Thread-Topic: Security review of draft-ietf-teas-sr-rsvp-coexistence-rec-02
Thread-Index: AQHT2O+MQ8Ax6vu5e0+8Qg7ez4a15KQSoYKA
Date: Thu, 26 Apr 2018 13:42:05 +0000
Message-ID: <310E5D20-FB07-420A-A8FA-B93D7C486263@juniper.net>
References: <201804202134.w3KLYlMY016971@rumpleteazer.rhmr.com>
In-Reply-To: <201804202134.w3KLYlMY016971@rumpleteazer.rhmr.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.b.0.180311
x-originating-ip: [66.129.239.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN7PR05MB4579; 7:XLhxkAnbvof22TQ5addo/Kjv8ez0VAiJKZs+n5cDuTdhR2gsWzXsmFyaCAf0gvcVlWhiTJLmJ5KDRydGej+4CfGSP8nmn+Uck2LU6J2rd5wVLXd4AUAQ0oHg8mRimVjTZqRPG1WI97LzRaM5jJPTX0TXSiIM/Zva9GgGG7QSurJCYlfRi4PZTbO4S5gorqym3QGPYQQjdxWUbagcq6x70tXDD5UsfFF3d25EyOgBusRIohi3nYfKxIENLb4ftguA
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BN7PR05MB4579;
x-ms-traffictypediagnostic: BN7PR05MB4579:
x-microsoft-antispam-prvs: <BN7PR05MB45794010CCB0326EC6CFE4A8C28E0@BN7PR05MB4579.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231232)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041310)(20161123564045)(201703131423095)(201703011903075)(201702281528075)(20161123555045)(201703061421075)(20161123562045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:BN7PR05MB4579; BCL:0; PCL:0; RULEID:; SRVR:BN7PR05MB4579;
x-forefront-prvs: 0654257CF5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7966004)(346002)(396003)(366004)(39860400002)(39380400002)(376002)(51444003)(51914003)(37854004)(189003)(199004)(97736004)(2906002)(53936002)(5660300001)(2900100001)(186003)(486006)(6246003)(4326008)(33656002)(3660700001)(36756003)(2616005)(15650500001)(6486002)(11346002)(6512007)(446003)(102836004)(83716003)(2201001)(58126008)(81166006)(26005)(5250100002)(76176011)(8676002)(82746002)(6506007)(508600001)(81156014)(305945005)(86362001)(476003)(8936002)(229853002)(59450400001)(3280700002)(68736007)(3846002)(6116002)(106356001)(99286004)(6436002)(7736002)(110136005)(316002)(2501003)(14454004)(105586002)(66066001)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR05MB4579; H:BN7PR05MB3923.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: KigUy+UOnlGV0siQwY/2iyH3rdwy4DkIGIxpqS6t7t1bKUCg6yKC4AdNK1v4KHmyyQhobYCUqr/0ylCHPq87ksf2T8l4RZC6zikBxl1pgZi+cNpdV9Iha7W+Ny2ACu037Cn0RiFRIuRWxBulMSf4QpIIN22efqLxICDmQDiJZej8+17sBG6g9SHrK6HMhB95
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <D7589139AD031E4FB88B288EC252CD8B@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: ecb9fd54-f767-4a28-a0c3-08d5ab7b7fa5
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: ecb9fd54-f767-4a28-a0c3-08d5ab7b7fa5
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2018 13:42:05.3056 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR05MB4579
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-04-26_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804260131
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HbPua85fcR_4_pLaSVV2P69ZwxE>
Subject: Re: [secdir] Security review of draft-ietf-teas-sr-rsvp-coexistence-rec-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2018 13:42:11 -0000
Hi Hilarie,
Thanks for the review. We've posted a -03 version of the draft. Let us know if it helps with your comments. See inline [HS]...
On 4/20/18, 2:35 PM, "Hilarie Orman" <hilarie@purplestreak.com> wrote:
Security review of
Recommendations for RSVP-TE and Segment Routing LSP co-existence
draft-ietf-teas-sr-rsvp-coexistence-rec-02
Do not be alarmed. I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily
for the benefit of the security area directors. Document editors and
WG chairs should treat these comments just like any other last call
comments.
When two independent protocols are used to manage bandwidth on one
shared link, the problem of efficient use of the total bandwidth
will depend on how much information the traffic engineering database
has about the utilization and reservations handled by the two
protocols. This situation occurs when RSVP-TE and Segment Routing
LSP are used simultaneously.
The draft rules out centralized controllers for RSVP-TE as an option.
It also notes that the co-existence of two protocols might be a
temporary situation arising during a transition from RSVP-TE to SR
LSP. This seems to imply that the recommendations are a stopgap
measure.
Although there is a claim of "no new security considerations", I think
that the proposed solution, of giving SR traffic demands the best
preemption priority in the network, could be a problem in terms of
covert channels and denial of service. If the adjustments in the TED
result in any observable change in traffic patterns, then a malicious
party might be able to infer usage on an SR channel or even disrupt
the RSVP-TE channels by driving up demand on the SR channel.
Moreover, it might be possible to send the traffic management
algorithms into some kind of resonance crisis by increasing and
diminishing demand rapidly. Although the proposed solution has
a damping factor, I would be concerned about systems operating
in parallel that might exhibit second order effects.
Could the draft address the security and stability concerns in
some reassuring way? Like, "don't let this happen"?
[HS] Expanded on the Security considerations section.
In section 3.5, this sentence threw me for a loop:
However, changing the maximum bandwidth for the TE link will
prevent any compute engine for SR or RSVP to decipher the real
static bandwidth of the TE link
After rereading it several times, I think that "decipher" has no
cryptographic significance and should be replaced by "determine"
or "measure", and rewritten in the form "will prevent any compute
engine ... from determining ...".
[HS] Changed to the recommended text.
Harish
- [secdir] Security review of draft-ietf-teas-sr-rs… Hilarie Orman
- Re: [secdir] Security review of draft-ietf-teas-s… Harish Sitaraman
- Re: [secdir] Security review of draft-ietf-teas-s… Hilarie Orman