[secdir] draft-ietf-rtgwg-multisegment-sdwan-05 early Secdir review
Jon Geater via Datatracker <noreply@ietf.org> Fri, 08 August 2025 11:16 UTC
From: Jon Geater via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Date: Fri, 08 Aug 2025 04:16:47 -0700
CC: draft-ietf-rtgwg-multisegment-sdwan.all@ietf.org, rtgwg@ietf.org
Reply-To: Jon Geater <jon.geater@gmail.com>
Subject: [secdir] draft-ietf-rtgwg-multisegment-sdwan-05 early Secdir review
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/JMbKzgt0bVS0zKYD2y3Vz9Kz6dc>

Document: draft-ietf-rtgwg-multisegment-sdwan
Title: Multi-segment SD-WAN via Cloud DCs
Reviewer: Jon Geater
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Has Issues. Potentially small issues if they are addressed by other fundamental parts of SD-WAN security, but worth discussing.

The Security Concerns section is generally well written and I am persuaded that most issues faced in the presence of this new technology are issues that existed already. No problem there.

However, the majority of effort in the Security Considerations focuses on one specific threat: manipulation of the new header contents to mis-steer packets (potentially for gain). The solution proposed is to HMAC the contents. I have 2 problems with this solution:

- HMAC is a symmetric cipher, which requires all participants to have a copy of the same secret. And while the examples shown are very simple, isn't it very plausible that there might be many more than 2 steps in a path? So how will management and security of these secrets be facilitated practically? And how will identification of the presumably several secrets be done? Especially if crossing domains of control as the wider network is traversed. Seems highly unwieldy to me.

- If this is a real problem, then what happens to people using SD-WAN who *don't* set these parameters at all, expecting not to use it? By the logic of the initial attack scenario, isn't it possible for that same attacker to simply find traffic that isn't using this capability and insert completely new headers for fun and profit?

Jon