Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
Ronald Bonica <rbonica@juniper.net> Tue, 30 August 2011 13:47 UTC
Return-Path: <rbonica@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C02021F8B5D; Tue, 30 Aug 2011 06:47:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.518
X-Spam-Level:
X-Spam-Status: No, score=-106.518 tagged_above=-999 required=5 tests=[AWL=0.081, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ywBUfK6qVPdL; Tue, 30 Aug 2011 06:47:22 -0700 (PDT)
Received: from exprod7og109.obsmtp.com (exprod7og109.obsmtp.com [64.18.2.171]) by ietfa.amsl.com (Postfix) with ESMTP id 2530021F8B56; Tue, 30 Aug 2011 06:47:18 -0700 (PDT)
Received: from P-EMHUB01-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP ID DSNKTlzqOcR/xgO+0Z/6HfewS+e1tX76zgCS@postini.com; Tue, 30 Aug 2011 06:48:50 PDT
Received: from p-emfe01-wf.jnpr.net (172.28.145.24) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.2.254.0; Tue, 30 Aug 2011 06:43:27 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Tue, 30 Aug 2011 09:43:27 -0400
From: Ronald Bonica <rbonica@juniper.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, jouni korhonen <jouni.nospam@gmail.com>
Date: Tue, 30 Aug 2011 09:43:25 -0400
Thread-Topic: secdir Review of draft-ietf-v6ops-3gpp-eps
Thread-Index: AcxnF/ZwpNhsDzCiQsuls6bVRt/+agAAr6Eg
Message-ID: <13205C286662DE4387D9AF3AC30EF456D48D92B2CD@EMBX01-WF.jnpr.net>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com> <4E5CCEF5.1020303@cs.tcd.ie> <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com> <4E5CE411.7070708@cs.tcd.ie>
In-Reply-To: <4E5CE411.7070708@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 01 Sep 2011 09:06:00 -0700
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org" <draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Russ Mundy <mundy@sparta.com>
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 13:47:23 -0000
I think that it would be a good idea to spin a new version before the call next week. Ron > -----Original Message----- > From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf Of > Stephen Farrell > Sent: Tuesday, August 30, 2011 9:22 AM > To: jouni korhonen > Cc: Russ Mundy; draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org; > iesg@ietf.org; secdir@ietf.org > Subject: Re: secdir Review of draft-ietf-v6ops-3gpp-eps > > > I think its worth including. Why don't you talk to Ron and > see if he'd prefer you to push out a version now or not and > we can go from there. > > Cheers, > S. > > On 08/30/2011 02:07 PM, jouni korhonen wrote: > > > > Stephen, > > > > Thanks for picking up the nits. And yes, I would push out a new > version with the additional security consideration text below, *if* > folks think it is worth having it there. > > > > And for prohibiting the use of IMSI/MSISDN (or any "3GPP identity") > as the IID, the reference would be Section 5.3.1.2.2 of [TS.23401]. > > > > - Jouni > > > > > > On Aug 30, 2011, at 2:52 PM, Stephen Farrell wrote: > > > >> > >> Hi Jouni, > >> > >> Just checking - do you intend to push out a new version with this > >> included before the telechat next week? > >> > >> A few nits below as well. > >> > >> Ta, > >> Stephen. > >> > >> On 08/25/2011 11:50 AM, jouni korhonen wrote: > >>> Russ, > >>> > >>> Thanks for the review. You are echoing the same thing as the most > in IESG. I crafted a bit of text that could be put into the security > considerations section. I don't know if this would be enough. > >>> > >>> - JOuni > >>> > >>> ---- > >>> > >>> > >>> In 3GPP access the UE and the network always perform a mutual > >>> authentication during the network attachment > [TS.33102][TS.33401]. > >>> Furthermore, each time a PDP Context/PDN Connection gets > created, > >>> a new connection, a modification of an existing connection and > >>> an assignment of an IPv6 prefix or an IP address can be > authorized > >>> against the PCC infrastructure [TS.23203] and/or PDN's AAA > server. > >>> > >>> The wireless part of the 3GPP link between the UE and the > (e)NodeB > >>> as well as the signaling messages between the UE and the > MME/SGSN > >>> can be protected depending on the regional regulation an > operator > >>> deployment policy. User plane traffic can be confidentially > >> > >> s/confidentially/confidentiality/ would be better. > >> > >> If you can add references as to how that can be achieved that > >> would also be good. > >> > >> The same points apply for the control plane I guess. > >> > >>> protected. The control plane is always at least integrity and > >>> replay protected, and may also be confidentially protected. The > >>> protection within the transmission part of the network depends > >>> on the operator deployment policy. > >>> > >>> Due the nature of 3GPP point-to-point link model, the UE and > the > >>> first hop router (PGW/GGSN or SGW) are the only nodes on the > link, > >>> which mitigates most of the known on-link attacks. For off-link > IPv6 > >>> attacks the 3GPP EPS is as vulnerable as any IPv6 system. There > has > >> > >> s/has/have/ > >> > >>> also been concerns that UE IP stack might use permanent > subscriber > >> > >> s/UE IP stack/the UE IP stack/ > >> > >>> identities, such as IMSI and MSISDN, as the source for IPv6 > address > >>> Interface Identifier. This would be a privacy threat and allow > >>> tracking of subscribers, and therefore use of IMSI and MSISDN > as the > >>> Interface Identifier is prohibited. However, there is no > standardized > >>> method to block such misbehaving UEs. > >> > >> Prohibited by whom? Maybe add a reference? > >> > >>> > >>> > >>> > >>> > >>> [TS.33102] > >>> 3GPP, "3G Security; Security architecture", > >>> 3GPP TS 33.102 10.0.0, December 2010. > >>> > >>> > >>> [TS.33401] > >>> 3GPP, "3GPP System Architecture Evolution (SAE); > >>> Security architecture", 3GPP TS 33.401 10.1.1, > >>> June 2011. > >>> > >>> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote: > >>> > >>>> > >>>> I have reviewed this document as part of the security > directorate's ongoing > >>>> effort to review all IETF documents being processed by the IESG. > These > >>>> comments were written primarily for the benefit of the security > area > >>>> directors. Document editors and WG chairs should treat these > comments just > >>>> like any other last call comments. > >>>> > >>>> While I do agree with the factual correctness of the Security > Considerations > >>>> section (the document does not _introduce_ any security related > concerns), > >>>> the support for IPv6 in 3GPP networks described in document > certainly does > >>>> have a number of security concerns. Some obvious examples, use of > DHCP > >>>> based address management and access control/authorization of the > PDN > >>>> Connection (shown in Figure 8). Although these and other security > issues > >>>> are likely addressed in various other documents, it would be > useful to make > >>>> a definitive statement to that effect in the Security > Considerations > >>>> section. It would be even more useful if some more specific > references were > >>>> to be included in parts of the document that clearly deal with > security > >>>> issues such as address management and access control and > authorization. > >>>> > >>>> > >>>> Russ Mundy > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >>> > > > >
- [secdir] secdir Review of draft-ietf-v6ops-3gpp-e… Russ Mundy
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Stephen Farrell
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Stephen Farrell
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Ronald Bonica
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Russ Mundy