Re: [secdir] secdir review of draft-ietf-isis-sbfd-discriminator-02

Tom Yu <tlyu@mit.edu> Wed, 18 November 2015 19:28 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 100FB1A8AE0; Wed, 18 Nov 2015 11:28:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.786
X-Spam-Level:
X-Spam-Status: No, score=-4.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BF50V8qelXyG; Wed, 18 Nov 2015 11:28:08 -0800 (PST)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DF181A888A; Wed, 18 Nov 2015 11:28:07 -0800 (PST)
X-AuditID: 1209190e-f79046d0000036c0-f0-564cd144466f
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 4F.97.14016.441DC465; Wed, 18 Nov 2015 14:28:04 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id tAIJS36I022407; Wed, 18 Nov 2015 14:28:04 -0500
Received: from localhost (sarnath.mit.edu [18.18.1.190]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id tAIJS2E4031613; Wed, 18 Nov 2015 14:28:02 -0500
From: Tom Yu <tlyu@mit.edu>
To: "Les Ginsberg \(ginsberg\)" <ginsberg@cisco.com>
References: <ldv4mgk2ehg.fsf@sarnath.mit.edu> <f13edbe3b383420b9f029361f4b81a3b@XCH-ALN-001.cisco.com>
Date: Wed, 18 Nov 2015 14:28:01 -0500
In-Reply-To: <f13edbe3b383420b9f029361f4b81a3b@XCH-ALN-001.cisco.com> (Les Ginsberg's message of "Wed, 18 Nov 2015 04:31:53 +0000")
Message-ID: <ldvy4dv151a.fsf@sarnath.mit.edu>
Lines: 58
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrIIsWRmVeSWpSXmKPExsUixG6nruty0SfMYN90M4t3636zWGz4s5Hd YsaficwWHxY+ZHFg8ZjyeyOrx5IlP5k8vlz+zBbAHMVlk5Kak1mWWqRvl8CV0XdmJ3vBEdGK pd8nsTcw7hbsYuTkkBAwkZg3azs7hC0mceHeerYuRi4OIYHFTBKztvyBcjYySlza/5cNpEpI 4A2jxPlPziA2m4C0xPHLu5hAbBGgSb9Or2YHaWAWOMoo8e7IREaQhLCAs8STRV8YIZozJOYs ewO2jkVAVeLu7U5GkAZOgVZGif6NzWCTeAV0JSZcfQPWwCPAKbFxcRdUXFDi5MwnLCA2s4CW xI1/L5kmMArMQpKahSS1gJFpFaNsSm6Vbm5iZk5xarJucXJiXl5qka6xXm5miV5qSukmRlDI ckry7WD8elDpEKMAB6MSDy/HWZ8wIdbEsuLK3EOMkhxMSqK8PeeAQnxJ+SmVGYnFGfFFpTmp xYcYJTiYlUR4LxwCyvGmJFZWpRblw6SkOViUxHk3/eALERJITyxJzU5NLUgtgsnKcHAoSfDy XQBqFCxKTU+tSMvMKUFIM3FwggznARpuCVLDW1yQmFucmQ6RP8WoKCXOqwSSEABJZJTmwfWC U4oQ475XjOJArwjzRoNU8QDTEVz3K6DBTECDTzR4ggwuSURISTUwsvpm8u5ZcdM+Jznm6M/k y3o71Pg/aXSc8Lhb0fLx1qzqjjlPfS/MUWleJTbH3GnRpZK0hjvpF71WXOJsW37irFbe6rcT oo5seO3DkcZTdCtiwvoPx/0FuF+fq1IKPa+WI5V8LND619tJvSc/NrPsD/inOKdvxxquuoOp Kbd3dFzdtMF6cvdjLyWW4oxEQy3mouJEAOxG4g0EAwAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/LjzGVPYxMPRzcGG29ibXOHZlEv0>
Cc: "draft-ietf-isis-sbfd-discriminator.all@tools.ietf.org" <draft-ietf-isis-sbfd-discriminator.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-isis-sbfd-discriminator-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2015 19:28:10 -0000

Given that S-BFD is still in AD Evaluation, it seems that there is still
an opportunity to update the S-BFD Security Considerations, so that the
IS-IS draft will no longer point to apparently absent text in the S-BFD
Security Considerations.

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> writes:

> Tom -
>
> Thanx for the review.
>
> If you are not happy with the Security section of the base S-BFD draft it seems to me it makes the most sense to address any issues in that document. Trying to make up for any shortcomings in S-BFD draft by adding to  the IGP drafts (there is a similar OSPF S-BFD draft) when the IGPs are merely acting as a transport for opaque information (as you say) does not seem appropriate to me.
>
> Can we close on this issue?
>
>    Les
>
>
>> -----Original Message-----
>> From: Tom Yu [mailto:tlyu@mit.edu]
>> Sent: Tuesday, November 17, 2015 7:06 PM
>> To: iesg@ietf.org; secdir@ietf.org; draft-ietf-isis-sbfd-
>> discriminator.all@tools.ietf.org
>> Subject: secdir review of draft-ietf-isis-sbfd-discriminator-02
>> 
>> I have reviewed this document as part of the security directorate's ongoing
>> effort to review all IETF documents being processed by the IESG.  These
>> comments were written primarily for the benefit of the security area
>> directors.  Document editors and WG chairs should treat these comments
>> just like any other last call comments.
>> 
>> Summary: ready with nits
>> 
>> I agree with the first paragraph of the Security Considerations, in that I think
>> it's unlikely that this document introduces security risks for IS-IS, which as I
>> understand it, effectively transports the proposed S-BFD discriminators as an
>> uninterpreted opaque payload.
>> 
>> The second paragraph
>> 
>>    Advertisement of the S-BFD discriminators does make it possible for
>>    attackers to initiate S-BFD sessions using the advertised
>>    information.  The vulnerabilities this poses and how to mitigate them
>>    are discussed in the Security Considerations section of [S-BFD].
>> 
>> refers to the Security Considerations of the [S-BFD] base document.  The [S-
>> BFD] Security Considerations describe some strengthening practices, but
>> doesn't seem to describe the vulnerabilities in significant detail.
>> [S-BFD] Security Considerations seems to describe an attack where someone
>> impersonates the responder, but not one where someone impersonates an
>> initiator.
>> 
>> Other sections of [S-BFD] might imply the existence of this sort of
>> vulnerability, but the Security considerations seems not to mention it
>> explicitly.  I'm not sure whether it's best to leave things alone, revise this
>> document, or revise [S-BFD].
>> 
>> -Tom