Re: [secdir] Secdir review of draft-ietf-pce-gmpls-pcep-extensions-12
Cyril Margaria <cmargaria@juniper.net> Wed, 30 January 2019 23:08 UTC
Return-Path: <cmargaria@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECEE7130ED7; Wed, 30 Jan 2019 15:08:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.263
X-Spam-Level:
X-Spam-Status: No, score=-3.263 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, KHOP_DYNAMIC=2, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id frakqgAUX9BZ; Wed, 30 Jan 2019 15:08:16 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8F48130F05; Wed, 30 Jan 2019 15:08:13 -0800 (PST)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0UN2jdv014817; Wed, 30 Jan 2019 15:08:13 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=0tPqQ5dmiIaDhH0osU/+bX4f8bBpj4EtNFr4ENOm+Cg=; b=x98JoPqnaLP+xEfXlN+3Q8744bRsSgEG9+945hOU8ngevGX4I4aFYOQCxJkVIbmkqMax A4HM6ZhEYFlWykgETVR4nMcG82fK79FBVDc5C4WlQMDtIkiZM4fzDLvraGrQj5K8gCWv fuEUtu371B6fpAotD1/MXVt+AFg6kAnigF9VUo/z6lB7X3n0/X/mmAqcREj0WgrsfB5z kwQBs/epJlrg+Z1M7kYU2ijDnqkdv5hobwCfaug3VHQANDKSAoGXwvbUyEdVnSB52iLk q3iGkpjZLpKi+L3wYI4948vKkUQQFIq1/UzZ4NSrpJROOcS3TIwn66AeJhnHqIuMDun2 MA==
Received: from nam01-by2-obe.outbound.protection.outlook.com (mail-by2nam01lp2057.outbound.protection.outlook.com [104.47.34.57]) by mx0a-00273201.pphosted.com with ESMTP id 2qbdm80uwq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 30 Jan 2019 15:08:13 -0800
Received: from CY4PR0501MB3698.namprd05.prod.outlook.com (52.132.97.154) by CY4PR0501MB3843.namprd05.prod.outlook.com (52.132.100.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1580.11; Wed, 30 Jan 2019 23:08:11 +0000
Received: from CY4PR0501MB3698.namprd05.prod.outlook.com ([fe80::4e9:c3bf:1c78:68d6]) by CY4PR0501MB3698.namprd05.prod.outlook.com ([fe80::4e9:c3bf:1c78:68d6%5]) with mapi id 15.20.1580.017; Wed, 30 Jan 2019 23:08:11 +0000
From: Cyril Margaria <cmargaria@juniper.net>
To: Vincent Roca <vincent.roca@inria.fr>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-pce-gmpls-pcep-extensions.all@ietf.org" <draft-ietf-pce-gmpls-pcep-extensions.all@ietf.org>
Thread-Topic: Secdir review of draft-ietf-pce-gmpls-pcep-extensions-12
Thread-Index: AQHUgwvDphDSiahwmUOqL/DqfyKS4aXI2la7
Date: Wed, 30 Jan 2019 23:08:11 +0000
Message-ID: <CY4PR0501MB36985EA23D8870C52322CD26B5900@CY4PR0501MB3698.namprd05.prod.outlook.com>
References: <BB25281B-EB32-40A3-A0BE-7D9375832608@inria.fr>
In-Reply-To: <BB25281B-EB32-40A3-A0BE-7D9375832608@inria.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.239.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR0501MB3843; 6:GGxSp2fU8XwnSRas0Wg+u8luayd/+1KYYDgu4zuIasajqX1m2DV1J1mHVtAQmYHWzEL4stcXIGKZIt2RX1pInZ8Y6lCW7uYr/Wkuk1hyv8zCIMVfSBm9buaSI9KDDZ7W/GuyY10NoLObdJbVYBo9XhKAI8QH/DNoJgEjk/nDtFaR+UIdOJOoUjDEp/aGLOTE+KRZlEJySlUTWIUuI5UzmL8qfVN6HFmtlHPDZT9tvGZvzKMXrCDFsvZvXr+jno0hdIsTVp2Zf3EGKf/vWryEWNUxGu2Dr8DHo/Nl0nUZ8aPwyLt6FqzWKe82p7qnfdJAPhvTSvRhfMa7r7WiqQt8CqTVAHpAb83y3JWUf5ke4AiFKA4GG9ApP/oF+/TANU27xs8ctf5ub8b/+LSFJeRWT+/apVRSUTJlojYb+Eb8OUNiO+d2+xo1yTeTDGoXhS0hRg1S0nSAPniEO0sA4ApE5Q==; 5:ghEzmpqHQua06O9GZZKAOdN4igRsDoZEXXzAlRHohE2DDJ2Sso1VCQoE+2IyvT19WbZZKRvo515KTDqIaEitRbBJtlJmD4L88+Z3mAooOOxsftivSpzmtAVR5I0GU/DjU3mxk6+1rF8gfyeVRh+AnAU43KhrMUtg5m+mpzcio2HhPTphY9w6Tl+bbgJRPWCUHmMy3++PRbF5/grDWBRDaQ==; 7:nwrhSuln2/v1qzJH41wrTanO08V92jGHrlA17GHLUkK0ljZQcMo96xU1Tp1/MK3VAEWqcgB2Vyxs3p8XVc9NE4toijsPczsegZ+zwobDN3pdlwkAGPaQzFSy5sT0mliGFKQTjb/YgSAQJAT7Mx2vLg==
x-ms-office365-filtering-correlation-id: 2abae5c9-4045-4e08-d819-08d68707ce50
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4618075)(2017052603328)(7153060)(7193020); SRVR:CY4PR0501MB3843;
x-ms-traffictypediagnostic: CY4PR0501MB3843:
x-microsoft-antispam-prvs: <CY4PR0501MB38439D4A345922AA760CB0E8B5900@CY4PR0501MB3843.namprd05.prod.outlook.com>
x-forefront-prvs: 0933E9FD8D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(346002)(39860400002)(366004)(396003)(376002)(199004)(189003)(6506007)(81166006)(8676002)(606006)(81156014)(256004)(71200400001)(102836004)(14444005)(53546011)(71190400001)(2906002)(86362001)(74316002)(186003)(446003)(486006)(66066001)(11346002)(2201001)(476003)(26005)(68736007)(7696005)(8936002)(76176011)(105004)(25786009)(33656002)(54896002)(6116002)(97736004)(9686003)(6246003)(106356001)(6306002)(55016002)(236005)(7736002)(3846002)(229853002)(53936002)(316002)(110136005)(2501003)(14454004)(99286004)(478600001)(105586002)(19627405001)(6436002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR0501MB3843; H:CY4PR0501MB3698.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Y/1xQxt/p49XfLheY/c8abkBd9UKude6fAU1tWMm2A/KLiBmpkwbgVsb1UIFgAldroFMVNLR+g1w3fvgjVrQIfI6lwAVVEPafFsz9UXTbXeY5HtJawVZUrxihVpROPWQf9CARB/KgfVfnFE+coRZvKawKa1zKaKbtmEbUZZUov5H5tf1xDOEj0EcETfLo07Vyll6x2DQVQzVJXE3zdfwZHRZl5+wG3O83qITCFOJVXD7K/zAeVu3uBfnaO2UQUQo4yhq4JCAKWDsu+FXBXlwE4HtclWGTc4A6wZKMdsYXvhoTUw9sT2OBXNeM3I6mUKMbH9LuRsBp5VtbNNBHc+2xO6dh/NE+u6fQxcaW+E50XprajubWxmMwfvKPE+90rch6UDJk81At/lGWnGZe38Tfkoxwp32c0dot0Cj3LyHq+s=
Content-Type: multipart/alternative; boundary="_000_CY4PR0501MB36985EA23D8870C52322CD26B5900CY4PR0501MB3698_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 2abae5c9-4045-4e08-d819-08d68707ce50
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jan 2019 23:08:11.4608 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR0501MB3843
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-30_17:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901300166
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-5ec0iGrIG3P8s0h0Xsf14zmAIw>
Subject: Re: [secdir] Secdir review of draft-ietf-pce-gmpls-pcep-extensions-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jan 2019 23:08:20 -0000
Thanks a lot for the review, please see inline for answers, a revised I.D will be posted shortly ________________________________ From: Vincent Roca <vincent.roca@inria.fr> Sent: Friday, November 23, 2018 01:05 To: The IESG; secdir@ietf.org; draft-ietf-pce-gmpls-pcep-extensions.all@ietf.org Cc: Vincent Roca Subject: Secdir review of draft-ietf-pce-gmpls-pcep-extensions-12 Hello, I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready with issues The Security Considerations section provides a good introduction to the risks. However my main concern is the lack of discussion around security policies. After reading this section, we have the feeling that TLS alone is sufficient to secure the GMPLS PCE WRT the three attacks described. With scenario 1, a fundamental part of the solution consists in setting up security policies: what is acceptable or not in terms of path? It may be discussed in the two references mentioned in the last paragraph, but even in that case, the way the current section is written is misleading. [MC] Would the following change clarify the section? OLD: The security mechanisms can provide authentication and confidentiality for those scenarios where the PCC-PCE communication cannot be completely trusted. Authentication can provide origin verification, message integrity and replay protection, while confidentiality ensures that a third party cannot decipher the contents of a message. NEW: The security mechanisms can provide authentication and confidentiality for those scenarios where the PCC-PCE communication cannot be completely trusted. [RFC8253] provides origin verification, message integrity and replay protection, and ensures that a third party cannot decipher the contents of a message. In order to protect against against the malicious PCE case the PCC SHOULD have policies in place to accept or not the path provided by the PCE. Those policies can verify if the path follows the provided constraints. In addition Technology specific data plane mechanism can be used (following [RFC5920] Section 5.8) to verify the data plane connectivity and deviation from constraints END I have two additional comments: ** Ambiguous text: it is said o Message deciphering: As in the previous case, knowledge of an infrastructure can be obtained by sniffing PCEP messages. Message deciphering suggests the message is encrypted but the attacker has enough knowledge to decrypt it. I'm not sure it's what the authors mean. I think there's a confusion in the use of "deciphering" which in security explicitely refers to encryption (https://en.wikipedia.org/wiki/Cipher<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Cipher&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=v8kOGBIadQ654pIrYCNQnqFCp1HfR6KLM8nYfCB2wLo&m=6zoL9zghXv0tN5FBNpN3Ww5fnLs1R9j_WCQLwxxN0io&s=4xX1Ddm1KChDZ1kmgFKbEPGUU1brkJmMSCoUVHuXMdE&e=>). [MC] It should be replaced by message inspection ** Ambiguous text: it is said "Authentication can provide origin verification, message integrity and replay protection,..." [MC] Will be replaced by RFC8253 provides.. Àuthentication of the two peers on the one hand, and integrity/replay protection on the other hand, are different services. There's probably a package where these three services are bundled together, but that's a design choice. I suggest changing a little bit the sentence to avoid this confusion. Typo: ** Section 6: "A legitimate PCC could requests" : s/requests/request/ [MC] OK Cheers, Vincent
- [secdir] Secdir review of draft-ietf-pce-gmpls-pc… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-pce-gmpl… Julien Meuric
- Re: [secdir] Secdir review of draft-ietf-pce-gmpl… Cyril Margaria