Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
Russ Mundy <mundy@sparta.com> Thu, 01 September 2011 18:37 UTC
Return-Path: <mundy@sparta.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22E0C21F97B7; Thu, 1 Sep 2011 11:37:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fx2pzGi3o-0H; Thu, 1 Sep 2011 11:37:24 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 0791721F97B4; Thu, 1 Sep 2011 11:37:23 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p81Icolp008905; Thu, 1 Sep 2011 13:38:50 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p81IciPk024508; Thu, 1 Sep 2011 13:38:44 -0500
Received: from nermal.tislabs.com ([192.94.214.97]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Thu, 1 Sep 2011 14:38:43 -0400
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Russ Mundy <mundy@sparta.com>
In-Reply-To: <65E295F7-0904-417C-B483-98413B451DE9@gmail.com>
Date: Thu, 01 Sep 2011 14:38:41 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4E040684-41CC-43E2-BFD7-2B4FE376E946@sparta.com>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com> <4E5CCEF5.1020303@cs.tcd.ie> <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com> <4E5CE411.7070708@cs.tcd.ie> <13205C286662DE4387D9AF3AC30EF456D48D92B2CD@EMBX01-WF.jnpr.net> <65E295F7-0904-417C-B483-98413B451DE9@gmail.com>
To: jouni korhonen <jouni.nospam@gmail.com>
X-Mailer: Apple Mail (2.1084)
X-OriginalArrivalTime: 01 Sep 2011 18:38:43.0296 (UTC) FILETIME=[60302600:01CC68D6]
Cc: "secdir@ietf.org" <secdir@ietf.org>, Ronald Bonica <rbonica@juniper.net>, "draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org" <draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Russ Mundy <mundy@sparta.com>
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2011 18:37:25 -0000
Jouni, Thanks for the additions to the Security Considerations section, I believe that they add substantially to the document especially for readers that do not already have a thorough understanding of 3GPP architecture and technology. Since the document is planned for Informational status, I believe that these additions make the Security Considerations section sufficient. Russ On Aug 31, 2011, at 3:40 AM, jouni korhonen wrote: > > I have just uploaded -05 with updated security considerations section. > > - Jouni > > > On Aug 30, 2011, at 4:43 PM, Ronald Bonica wrote: > >> I think that it would be a good idea to spin a new version before the call next week. >> >> Ron >> >> >>> -----Original Message----- >>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf Of >>> Stephen Farrell >>> Sent: Tuesday, August 30, 2011 9:22 AM >>> To: jouni korhonen >>> Cc: Russ Mundy; draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org; >>> iesg@ietf.org; secdir@ietf.org >>> Subject: Re: secdir Review of draft-ietf-v6ops-3gpp-eps >>> >>> >>> I think its worth including. Why don't you talk to Ron and >>> see if he'd prefer you to push out a version now or not and >>> we can go from there. >>> >>> Cheers, >>> S. >>> >>> On 08/30/2011 02:07 PM, jouni korhonen wrote: >>>> >>>> Stephen, >>>> >>>> Thanks for picking up the nits. And yes, I would push out a new >>> version with the additional security consideration text below, *if* >>> folks think it is worth having it there. >>>> >>>> And for prohibiting the use of IMSI/MSISDN (or any "3GPP identity") >>> as the IID, the reference would be Section 5.3.1.2.2 of [TS.23401]. >>>> >>>> - Jouni >>>> >>>> >>>> On Aug 30, 2011, at 2:52 PM, Stephen Farrell wrote: >>>> >>>>> >>>>> Hi Jouni, >>>>> >>>>> Just checking - do you intend to push out a new version with this >>>>> included before the telechat next week? >>>>> >>>>> A few nits below as well. >>>>> >>>>> Ta, >>>>> Stephen. >>>>> >>>>> On 08/25/2011 11:50 AM, jouni korhonen wrote: >>>>>> Russ, >>>>>> >>>>>> Thanks for the review. You are echoing the same thing as the most >>> in IESG. I crafted a bit of text that could be put into the security >>> considerations section. I don't know if this would be enough. >>>>>> >>>>>> - JOuni >>>>>> >>>>>> ---- >>>>>> >>>>>> >>>>>> In 3GPP access the UE and the network always perform a mutual >>>>>> authentication during the network attachment >>> [TS.33102][TS.33401]. >>>>>> Furthermore, each time a PDP Context/PDN Connection gets >>> created, >>>>>> a new connection, a modification of an existing connection and >>>>>> an assignment of an IPv6 prefix or an IP address can be >>> authorized >>>>>> against the PCC infrastructure [TS.23203] and/or PDN's AAA >>> server. >>>>>> >>>>>> The wireless part of the 3GPP link between the UE and the >>> (e)NodeB >>>>>> as well as the signaling messages between the UE and the >>> MME/SGSN >>>>>> can be protected depending on the regional regulation an >>> operator >>>>>> deployment policy. User plane traffic can be confidentially >>>>> >>>>> s/confidentially/confidentiality/ would be better. >>>>> >>>>> If you can add references as to how that can be achieved that >>>>> would also be good. >>>>> >>>>> The same points apply for the control plane I guess. >>>>> >>>>>> protected. The control plane is always at least integrity and >>>>>> replay protected, and may also be confidentially protected. The >>>>>> protection within the transmission part of the network depends >>>>>> on the operator deployment policy. >>>>>> >>>>>> Due the nature of 3GPP point-to-point link model, the UE and >>> the >>>>>> first hop router (PGW/GGSN or SGW) are the only nodes on the >>> link, >>>>>> which mitigates most of the known on-link attacks. For off-link >>> IPv6 >>>>>> attacks the 3GPP EPS is as vulnerable as any IPv6 system. There >>> has >>>>> >>>>> s/has/have/ >>>>> >>>>>> also been concerns that UE IP stack might use permanent >>> subscriber >>>>> >>>>> s/UE IP stack/the UE IP stack/ >>>>> >>>>>> identities, such as IMSI and MSISDN, as the source for IPv6 >>> address >>>>>> Interface Identifier. This would be a privacy threat and allow >>>>>> tracking of subscribers, and therefore use of IMSI and MSISDN >>> as the >>>>>> Interface Identifier is prohibited. However, there is no >>> standardized >>>>>> method to block such misbehaving UEs. >>>>> >>>>> Prohibited by whom? Maybe add a reference? >>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> [TS.33102] >>>>>> 3GPP, "3G Security; Security architecture", >>>>>> 3GPP TS 33.102 10.0.0, December 2010. >>>>>> >>>>>> >>>>>> [TS.33401] >>>>>> 3GPP, "3GPP System Architecture Evolution (SAE); >>>>>> Security architecture", 3GPP TS 33.401 10.1.1, >>>>>> June 2011. >>>>>> >>>>>> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote: >>>>>> >>>>>>> >>>>>>> I have reviewed this document as part of the security >>> directorate's ongoing >>>>>>> effort to review all IETF documents being processed by the IESG. >>> These >>>>>>> comments were written primarily for the benefit of the security >>> area >>>>>>> directors. Document editors and WG chairs should treat these >>> comments just >>>>>>> like any other last call comments. >>>>>>> >>>>>>> While I do agree with the factual correctness of the Security >>> Considerations >>>>>>> section (the document does not _introduce_ any security related >>> concerns), >>>>>>> the support for IPv6 in 3GPP networks described in document >>> certainly does >>>>>>> have a number of security concerns. Some obvious examples, use of >>> DHCP >>>>>>> based address management and access control/authorization of the >>> PDN >>>>>>> Connection (shown in Figure 8). Although these and other security >>> issues >>>>>>> are likely addressed in various other documents, it would be >>> useful to make >>>>>>> a definitive statement to that effect in the Security >>> Considerations >>>>>>> section. It would be even more useful if some more specific >>> references were >>>>>>> to be included in parts of the document that clearly deal with >>> security >>>>>>> issues such as address management and access control and >>> authorization. >>>>>>> >>>>>>> >>>>>>> Russ Mundy >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>> >>>>
- [secdir] secdir Review of draft-ietf-v6ops-3gpp-e… Russ Mundy
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Stephen Farrell
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Stephen Farrell
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Ronald Bonica
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Russ Mundy