Re: [secdir] Sec Dir review of draft-ietf-mpls-ldp-multi-topology-09.txt
"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Fri, 21 February 2014 14:40 UTC
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1D1E1A018B for <secdir@ietfa.amsl.com>; Fri, 21 Feb 2014 06:40:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level:
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fHgGBRrvO4Jd for <secdir@ietfa.amsl.com>; Fri, 21 Feb 2014 06:40:12 -0800 (PST)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id F25231A0169 for <secdir@ietf.org>; Fri, 21 Feb 2014 06:40:11 -0800 (PST)
Received: from maildlpprd05.lss.emc.com (maildlpprd05.lss.emc.com [10.253.24.37]) by mailuogwprd03.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s1LEe41M002456 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Feb 2014 09:40:06 -0500
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd03.lss.emc.com s1LEe41M002456
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1392993607; bh=r+nHo7EFinAYTq3BgvoUK6/LbkY=; h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=K4aEbdeOYGTaa52hfzY5htHpSeqAWiT8nEB5urkiMoIkiEDir6JeIGJVDE1sS+9re 6A2UQ2hxe2B09MoA3qLePqSDqoiRI19IrMmeN4+dGHWarhSKh4EZFihv5mPZZ/MJmi 2aIoXMckQtVu++F5g5M8uJ8UbnRKfN8vG2znY3+s=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd03.lss.emc.com s1LEe41M002456
Received: from mailusrhubprd53.lss.emc.com (mailusrhubprd53.lss.emc.com [10.106.48.18]) by maildlpprd05.lss.emc.com (RSA Interceptor); Fri, 21 Feb 2014 06:39:56 -0800
Received: from mxhub18.corp.emc.com (mxhub18.corp.emc.com [10.254.93.47]) by mailusrhubprd53.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s1LEdtjC018346 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 21 Feb 2014 09:39:56 -0500
Received: from mx15a.corp.emc.com ([169.254.1.167]) by mxhub18.corp.emc.com ([10.254.93.47]) with mapi; Fri, 21 Feb 2014 09:39:55 -0500
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Daniel King <daniel@olddog.co.uk>
Date: Fri, 21 Feb 2014 09:39:47 -0500
Thread-Topic: Sec Dir review of draft-ietf-mpls-ldp-multi-topology-09.txt
Thread-Index: AQHkDiVHbpwcnyd5R7MzcDez/HCHegEKUfAlmoygyfCAABWr0A==
Message-ID: <F5063677821E3B4F81ACFB7905573F24065BE94EC1@MX15A.corp.emc.com>
References: <F5063677821E3B4F81ACFB7905573F240653E7FE11@MX15A.corp.emc.com> <017601cf1943$8ebabe20$ac303a60$@olddog.co.uk> <02dd01cf2e8a$10469760$30d3c620$@olddog.co.uk>
In-Reply-To: <02dd01cf2e8a$10469760$30d3c620$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd53.lss.emc.com
X-RSA-Classifications: public
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/UP41QhGIve0wrSW0gpdlo2v4MoY
Cc: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "mpls-chairs@tools.ietf.org" <mpls-chairs@tools.ietf.org>, "draft-ietf-mpls-ldp-multi-topology@tools.ietf.org" <draft-ietf-mpls-ldp-multi-topology@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Sec Dir review of draft-ietf-mpls-ldp-multi-topology-09.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2014 14:40:15 -0000
Hello Dan, Thank you for the update to the draft and response to my comments. I'll have to read through the draft again to see why I thought labels changed. If I find a specific point, I'll let you know so it could be clarified for other readers, but it may not be an issue. I have a couple of responses below that start with KM>. Thank you! Kathleen -----Original Message----- From: Daniel King [mailto:daniel@olddog.co.uk] Sent: Thursday, February 20, 2014 5:21 PM To: Moriarty, Kathleen Cc: draft-ietf-mpls-ldp-multi-topology@tools.ietf.org; adrian@olddog.co.uk; mpls-chairs@tools.ietf.org; secdir@ietf.org Subject: RE: Sec Dir review of draft-ietf-mpls-ldp-multi-topology-09.txt Dear Kathleen, Thank you for your review of draft-ietf-mpls-ldp-multi-topology-09. We have updated the document to address a number of comments, including your Sec Dir review: http://tools.ietf.org/html/draft-ietf-mpls-ldp-multi-topology-11 Please see our specific responses and/or how addressed your comments inline ("Authors:") below: > -----Original Message----- > From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf > Of Moriarty, Kathleen > Sent: 03 November 2013 23:27 > To: secdir@ietf.org; iesg@ietf.org; draft-ietf-mpls-ldp-multi- > topology.all@tools.ietf.org > Cc: rtorvi@juniper.net; daniel@olddog.co.uk; lichenyj@chinamobile.com; > huaimochen@huawei.com; zhenbin.li@huawei.com; huanglu@chinamobile.com; > ning.so@tatacommunications.com; emily.chen220@gmail.com > Subject: Sec Dir review of draft-ietf-mpls-ldp-multi-topology-09.txt > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security > area directors. Document editors and WG chairs should treat these > comments just like any other last call comments. > > Review: > It is unclear to me how there could not be any security > considerations. The draft > introduces the ability to segregate traffic, allowing for the MT > capability to be > supported and then transitioned to equipment where the capability is > not supported. See section 3.2: > > If an LSR is changed from IGP-MT capable to non-MT capable, it may > wait until the routes update to withdraw FEC and release the label > mapping for existing LSPs of specific MT. > > The introduction states this feature may be used to segregate traffic > for different > purposes, including the use of management traffic. Typically, > management traffic > requires security protections such as session encryption. The > labeling also appears to allow for labels to change in addition to the > feature support disappearing. The security considerations should at > least mention that no additional protections are offered through this > mechanism of segregating traffic, > so that the reader is informed of this risk. The advantages may be > limited to QoS > and other possible benefits. Users should be aware that the > segregation offers > no security advantage over MPLS without MT. Authors: Thanks for your comments and as you suggest we have updated the Security section to state that MPLS MT does not offer any additional security over MPLS. Although we do not believe that the reader needs to be informed of any "risk" because we do not believe there is any additional risk. KM> I agree there is no additional risk, the 'risk' is more the perception a reader may have if they see something is segregated and assumes that means it is secure. The reader just needs to understand the points noted above so they are clear that the traffic may not remain segregated. MPLS security, as discussed in RFC5920, is split into two items: control plane security and data plane security: - For the control plane (and our document is chiefly about the control plane) the security relies on the security provided for LDP; LDP runs over TCP so it can leverage TLS and TCP/AO. - The MPLS data plane is not secure and it is the responsibility of the application to secure its traffic as necessary (e.g., running management traffic over IPsec tunnels). We believe that the document makes no change to those basic concepts. However, we have clarified the Security section and included a reference to RFC5920 to assist/remind the reader. KM> Thank you! Also, we would like to underline that when MT support is withdrawn, there is no change in labeling. We have documented that when an LSR stops supporting MT, the LSPs that exist for non-default topologies must be torn down (because they are no longer supported) and this should be done by withdrawing the labels that were advertised for the other topologies. KM> OK, This was my first time through the draft and I'll go back to see why I came to that assumption. > Editorial nits: > > In Introduction, change from isolated to isolate: > Separate routing and MPLS domains may be used to isolated > multicast and IPv6 islands within the backbone network. > > To: Separate routing and MPLS domains may be used to isolate > multicast and IPv6 islands within the backbone network. Authors: Thanks, updated. > Change Carries to carry: > Management traffic could be separated from customer traffic using > multiple MTs, where the management traffic MT does not use links > that carries customer traffic. > To: Management traffic could be separated from customer traffic using > multiple MTs, where the management traffic MT does not use links > that carry customer traffic. > > Section 3.6: Change "imply" to "simply": > Since using different label spaces for different topologies would > imply significant changes to the data plane, a single global label > space is supported in this solution. Authors: Thanks, but this was intended so left. > Change "peer" to "peers": > There will be one session > supported for each pair of peer, even there are multiple topologies > supported between these two peers. > > Section 4.3.4: > Change from: > For the case that the LSP ping with return path not specified , the > reply packet must go through the default topology instead of the > topology where the Echo Request goes through. > To: For the case that the LSP ping with return path is not specified, the > reply packet must go through the default topology instead of the > topology where the Echo Request goes through. Authors: Thanks, updated. > Section 5.1: > Recommend breaking this text into multiple sentences. Authors: Thanks, updated. > Section 6: > Change from: > In case the bad things does happen, according > to [RFC5036], processing of such message should be aborted. > To: In case the bad things happen, according > to [RFC5036], processing of such messages should be aborted. Authors: Thanks, updated. > Section 7: I recommend breaking the second paragraph into multiple sentences. Authors: Thanks, updated. > Best regards, > Kathleen Again, thank you for your valuable comments and suggestions. Br, Dan & Authors.
- [secdir] Sec Dir review of draft-ietf-mpls-ldp-mu… Moriarty, Kathleen
- Re: [secdir] Sec Dir review of draft-ietf-mpls-ld… Daniel King
- Re: [secdir] Sec Dir review of draft-ietf-mpls-ld… Moriarty, Kathleen