Re: [secdir] Secdir review of draft-ietf-pals-p2mp-pw-03

Stewart Bryant <stewart.bryant@gmail.com> Sun, 27 August 2017 09:30 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38FA11323B4; Sun, 27 Aug 2017 02:30:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uZUu_umtrzX8; Sun, 27 Aug 2017 02:30:34 -0700 (PDT)
Received: from mail-wm0-x243.google.com (mail-wm0-x243.google.com [IPv6:2a00:1450:400c:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E83413202D; Sun, 27 Aug 2017 02:30:34 -0700 (PDT)
Received: by mail-wm0-x243.google.com with SMTP id i76so4061085wme.1; Sun, 27 Aug 2017 02:30:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=6zoyhywnGDLDbzVZPJtAAFRd8G9A/YzJHocmYuhVN3o=; b=I6XwZVSn+Q1rUxU+UcLC1IXhv3gfofjABdmQouRwCKbIMvUQzJzqXHR2lKyLaYAtVY Erhe13bIAbr9WTgrN76rP0CFTuJch+Sh2JD5B8rA/skD1HO4HsNd3lQHfq8m0O/zsbAm EiMJm3Db1VV7ZnNE6Qdiw9FhLpX7swzKDmF9+x1Ovy5fbrqDfQQeHK9EnuFnCOf/X94u PQJP/axN+nKqG+tv7Fv/KeD7SCtisEmKPpKCtZabNtdDrWBjs/r0kDhOVqZBou8/a+PL kyzYd37YGhNZQbHCnw3EYPZnLw9GQhkB0HWlcS2eEEsFAHKL/9t9iey8svRphsEsm0R2 zdAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=6zoyhywnGDLDbzVZPJtAAFRd8G9A/YzJHocmYuhVN3o=; b=tK6Y4emyDyvX7gw48WdFg0Z9VbuYoz6F0+se/9V9un5seQ+O4tz1uZGPVcg6ze4ir2 h88YAUIHSX1i6ifDI61djs+uhW6R4Kyz3eXGgmIG9yEh69tEyuTM9lcFjUTe94Q8Wn6w P/Mp3Cxfgc2W9p1bG7/jSZ0EDdFYw+ca3FrxmoJEOf+Nb/T1GPL0leIlQCb/p2yLoNXd J49PcT66CSD1LnCeMhvU6G4rxpC3MC0XHVOTtQyLUg7f51hiDeOUU5Deq7ENmxpn+/Rn Bjx+9mHMCO9rU4pbKfQYnYn793g0ePXgwJnD02/0DBc7ChUL/2uWI3NcJnrIPtXji7TK RLhQ==
X-Gm-Message-State: AHYfb5jMWg6axvDgo2jD2D5d5oGZhJX9weHyT8UkuMETDHquR6RZQNUe 7OMSwsxdlpIfcS7l5dI=
X-Received: by 10.28.57.135 with SMTP id g129mr1863349wma.186.1503826232569; Sun, 27 Aug 2017 02:30:32 -0700 (PDT)
Received: from [192.168.2.126] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id q45sm23086285wrb.3.2017.08.27.02.30.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 27 Aug 2017 02:30:32 -0700 (PDT)
To: Tero Kivinen <kivinen@iki.fi>, iesg@ietf.org, secdir@ietf.org, draft-ietf-pals-p2mp-pw.all@tools.ietf.org, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>
References: <201708270627.v7R6RLjk004141@fireball.acr.fi>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <aed969e4-31be-cf77-8bbe-598f0407c4f3@gmail.com>
Date: Sun, 27 Aug 2017 10:30:30 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <201708270627.v7R6RLjk004141@fireball.acr.fi>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UXRAKc_E72n3KlurRNqgm_csLBk>
Subject: Re: [secdir] Secdir review of draft-ietf-pals-p2mp-pw-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Aug 2017 09:30:36 -0000

Tero

Thank you for your comment.

I believe that it if wrong to hold this document hostage to a security 
issue that applies to a major MPLS protocol widely used throughout the 
Internet.

The right way to address the problem is via an update to the security of 
LDP (in the MPLS WG) and have that specification update the RFCs that 
use LDP.

If an attacker were able to use the vulnerability in MD5 as a vector to 
attack LDP, I doubt that this relatively low key aspect of pseudowires 
would be their first priority.

Regards

- Stewart


On 27/08/2017 07:27, Tero Kivinen wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This document describes the mechanims to signal point-to-multipoint
> pseudowires using LDP. The security considerations section simply
> points to the RFC4447bis (i.e., RFC8077) saying that security
> mechanisms described there are adequate.
>
> On the other hand RFC8077, says that LDP MD5 authentication key option
> as described in the section 2.9 of RFC5036 MUST be implemented. The
> section 2.9 of RFC5036 describes TCP MD5 signature option for LDP.
> This might have been adequate security for some protocol in 2007 (when
> RFC5036 was published, altought MD5 was already then known to be
> broken), but it IS NOT adequate security in 2017.
>
> I understand that this document is not really the one supposed to
> update the security option for the LDP, but there is
> draft-ijln-mpls-rfc5036bis which is moving LDP to internet standard
> still trying to keep the same broken MD5 based security in it. I think
> this document should include note saying, that security of the RFC5036
> is no longer adequate for any use because it uses broken security
> protocol, but there is nothing better out there yet (or is there, I do
> not know enough of the LDP to know that), and perhaps point to the
> rfc5036bis also in hopes that it might some day fix the security of
> the LDP.
>
> I think this document (or whole PW and LDP system) has issues that
> needs to be fixed before it can be published.