Re: [secdir] secdir review of draft-ietf-mext-aero-reqs8

"Davis, Terry L" <terry.l.davis@boeing.com> Fri, 21 August 2009 22:51 UTC

Return-Path: <terry.l.davis@boeing.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E96773A69EA; Fri, 21 Aug 2009 15:51:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.372
X-Spam-Level:
X-Spam-Status: No, score=-6.372 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_OBFU_Q1=0.227]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7e+WyeXAt3F8; Fri, 21 Aug 2009 15:51:25 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id E34513A6826; Fri, 21 Aug 2009 15:51:24 -0700 (PDT)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by slb-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id n7LMmvdW000483 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Aug 2009 15:48:57 -0700 (PDT)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id n7LMmuad003178; Fri, 21 Aug 2009 15:48:56 -0700 (PDT)
Received: from XCH-NWHT-08.nw.nos.boeing.com (xch-nwht-08.nw.nos.boeing.com [130.247.25.112]) by slb-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id n7LMmuMi003171 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Fri, 21 Aug 2009 15:48:56 -0700 (PDT)
Received: from XCH-NW-CCR1V.nw.nos.boeing.com ([130.247.64.97]) by XCH-NWHT-08.nw.nos.boeing.com ([130.247.25.112]) with mapi; Fri, 21 Aug 2009 15:48:55 -0700
From: "Davis, Terry L" <terry.l.davis@boeing.com>
To: "'Sam Hartman'" <hartmans-ietf@mit.edu>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "'Ivancic, William D. (GRC-RHN0)'" <william.d.ivancic@nasa.gov>, "weddy@grc.nasa.gov" <weddy@grc.nasa.gov>
Date: Fri, 21 Aug 2009 15:48:55 -0700
Thread-Topic: secdir review of draft-ietf-mext-aero-reqs8
Thread-Index: AcoiTLmXRs1VNJUrSkqOzFTnBn2IdQAXvPzA
Message-ID: <2557049CDBC35B4EBD79CFACFEC045841CCF748F@XCH-NW-CCR1V.nw.nos.boeing.com>
References: <tsl8whdqw9y.fsf@mit.edu>
In-Reply-To: <tsl8whdqw9y.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-tm-as-product-ver: SMEX-8.0.0.1181-3.800.1026-15056.000
x-tm-as-result: No--61.881900-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Mon, 24 Aug 2009 00:40:35 -0700
Cc: "draft-ietf-mext-aero-reqs@tools.ietf.org" <draft-ietf-mext-aero-reqs@tools.ietf.org>, "mext-chairs@tools.ietf.org" <mext-chairs@tools.ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-mext-aero-reqs8
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2009 22:51:26 -0000

Sam

One of the items that continues to seriously concern me across the whole IP protocol RFC set is the basic lack of simple vendor-to-vendor IP security interoperability!  All of NEMO and MEXT assumes that simple, easy to implement, IPSec, PKI, and IKE interoperability exist; they do NOT.

In aviation we do not have the luxury that Enterprise or Entity organizations have in being able to deploy "single vendor" solutions!  In the aviation space, if someone made one, aviation will have it somewhere in our infrastructure and we need to interoperate with it as our aircraft operate in a truly heterogeneous global space.  An aircraft in flight will usually 1 to 4 open communications links and these will be continuously changing as we hand off between communication providers and "Navigation Service Providers" who utilize entirely different vendors and PKIs.  

Nor can we have a "single PKI" global solution; nation/state laws preclude this in many cases as they reasonably require credentials that they control for authentication in their territory and bridge assurances, although fine for business level relationships, may reasonably not meet nation/state requirements for operations within their nation.

I continue to state that the lack of easy to use/configure vendor interoperability parameters for our basic IP security protocol associations is a major failure in of Internet architectures.  It cannot require a senior network engineer, a senior PKI analyst, and dozens of Wireshark traces to establish a secure link!  Entry level engineers/analysts and techs need to be able to perform this function as we do with basic network (DHCP) connectivity.  We need a "dynamic security association protocol" like DHCP for industries like aviation (and most the CI sectors too!).  

To me, this lack of a simple, easy to use, interoperability security association configuration is one of our most pressing issues in our efforts to establish "cyber space security" regardless of what CI sector we are looking at.

Take care
Terry

PS: I might also remind the IETF that DHCP came from commerical industry development not communications or academia.

> -----Original Message-----
> From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
> Sent: Friday, August 21, 2009 3:47 AM
> To: secdir@ietf.org; iesg@ietf.org
> Cc: mext-chairs@tools.ietf.org; draft-ietf-mext-aero-reqs@tools.ietf.org
> Subject: secdir review of draft-ietf-mext-aero-reqs8
> 
> 
> 
> This is a security directorate review; editors should treat these
> comments as any other last call comments.
> 
> Sorry that the review is late.  I read the draft, prepared my comments
> and failed to send them out.
> 
> This draft describes requirements from the air and space communities
> for nemo route optimization for aircraft and spacecraft.
> 
> Within that scope, I have no additional security concerns.
> 
> However it is important to make sure that everyone involved
> understands meeting these requirements alone without more general
> security requirements would not produce an acceptable solution.  If
> the intent of this draft is to state all the requirements that mext
> needs to consider in developing a solution that meets IETF standards
> and that meets the needs of the air/space community, then it falls
> significantly short.  I don't think that is the intent though; I think
> this is simply intended to be one stakeholder's input.  Presumably,
> even if we are only targeting deployment in air/space enviroments, we
> will look at more general security and management requirements
> necessary to make the technology deployable on the internet.  If we're
> all on the same page on that point, then this draft is fine.
> 
> I think the stated requirements seem reasonable.  However, I'm not
> actually sure that a solution exists as an extension to current basic
> nemo.  In particular, requirements about minimizing or avoiding custom
> software may rule out nemo.  However, perhaps I'm missing something.