Re: [secdir] secdir review of draft-ietf-opsec-igp-crypto-requirements

Joel Jaeggli <joelja@bogus.com> Thu, 16 September 2010 18:31 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 834FB3A68F3; Thu, 16 Sep 2010 11:31:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.47
X-Spam-Level:
X-Spam-Status: No, score=-102.47 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 43yjuy2NhHzL; Thu, 16 Sep 2010 11:31:28 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id 3C2653A6998; Thu, 16 Sep 2010 11:31:27 -0700 (PDT)
Received: from joelja-mac.local (ip24-252-91-238.no.no.cox.net [24.252.91.238]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id o8GIVkAw049215 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Thu, 16 Sep 2010 18:31:48 GMT (envelope-from joelja@bogus.com)
Message-ID: <4C92628C.2090600@bogus.com>
Date: Thu, 16 Sep 2010 11:31:40 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.9) Gecko/20100825 Lightning/1.0b2 Thunderbird/3.1.3
MIME-Version: 1.0
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
References: <alpine.BSF.2.00.1009151357390.4814@fledge.watson.org> <7C362EEF9C7896468B36C9B79200D8350CF3916707@INBANSXCHMBSA1.in.alcatel-lucent.com>
In-Reply-To: <7C362EEF9C7896468B36C9B79200D8350CF3916707@INBANSXCHMBSA1.in.alcatel-lucent.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Thu, 16 Sep 2010 18:31:49 +0000 (UTC)
Cc: Samuel Weiler <weiler@watson.org>, "draft-ietf-opsec-igp-crypto-requirements.all@tools.ietf.org" <draft-ietf-opsec-igp-crypto-requirements.all@tools.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-opsec-igp-crypto-requirements
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Sep 2010 18:31:29 -0000

On 9/15/10 4:36 PM, Bhatia, Manav (Manav) wrote:
> Hi Samuel,
> 
> Thanks for the review.
> 
>> Is there a way to present this information more compactly?  I
>> suggest a table with routing protocol on one axis, crypto suite on
>> another, and requirement status in the elements (perhaps with a
>> cite to the doc that sets the requirement).  You might separely say
>> "MANDATORY to implement, OPTIONAL to use, NOT SUGGESTED for use".
> 
> This is precisely what we were doing till the OPSEC WG members asked
> us to change the format to the current one.

And the current method is still the right way to do it imho. the doc is
not intended to impose the requirement on protocol authors, rather to
point out how requirements would shift in the case of prference for
another algorithm...

>> 
>> You could also put suggestions and speculation about the future in
>> the same table, though you may need to define some terms.  And it
> 
> We were using extended 2119 terms like SHOULD+, MUST- and MAY+
> originally and these were again removed because of the strong
> consensus in the WG in favor of the current text.

They were confusing, and detracted from the recomendations.

to cite a particular section that I think underscores this:

   IS-IS implementations SHOULD provide support for the generic
   cryptographic authentication scheme [RFC5310] and it is our
   understanding that interoperability considerations will require
   change to a MUST as operators migrate to this authentication scheme.

which I interpret as:

RFC 5310 states that is-is implementations should implement support for
the generic cryptographic authentication scheme. If at some future date
recommendations were to support a key method other than HMAC-MD5 then it
would follow that support for the generic cryptographic authentication
scheme would become a requirement.

SHOULD- MUST+ makes interpreting that a WTF moment.

>> needs to be clear when this doc diverges from past ones or makes a
>> new statement.  I have not gone back through the previous docs to
>> confirm that this doc isn't changing anything.
>> 
>> I see a whole bunch of lower case "may" and "should", and I'm 
>> wondering what to make of them.

that they are not normative language.

>> In describing each routing protocol's authentication options, it
>> would be helpful to say whether there's any in-band negotiation
>> available.
> 
> I am not sure I understand whats being meant by in-band negotiation
> here?

this document is focused on operational considerations of exist
protocols so for example a karp supplied kmp is probably out of scope
for the document in it's present form.

>> If so, more needs to be said about that in the security 
>> considerations.  If not, it should be documented here.
>> 
>> I don't need to hear three or four separate times that cleartext 
>> passwords are bad.
> 
> Just making sure that folks don't miss this! :)
> 
>> 
>> Minor: remove citations from the abstract (per rfc editor policy).
> 
> Sure, will do.
> 
> Cheers, Manav
> 
>> 
>> -- Sam
>> 
>> 
> _______________________________________________ Ietf mailing list 
> Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
>