Re: [secdir] Review of draft-ietf-ccamp-wson-impairments-07
Nico Williams <nico@cryptonector.com> Wed, 12 October 2011 18:02 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ED9621F8BEF; Wed, 12 Oct 2011 11:02:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yQ3m3w5UoYLu; Wed, 12 Oct 2011 11:02:11 -0700 (PDT)
Received: from homiemail-a63.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207]) by ietfa.amsl.com (Postfix) with ESMTP id C227A21F8BDE; Wed, 12 Oct 2011 11:02:11 -0700 (PDT)
Received: from homiemail-a63.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a63.g.dreamhost.com (Postfix) with ESMTP id E81EA2F4081; Wed, 12 Oct 2011 11:01:55 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=Vc54pohdugfS76EZ31MEyU2C3elU+Ddl7RDMcG94a1j4 2C8sUAKt8HPwHCHVK9liAGxtBYNp9bOmxjYKAHFTYgRV8hxY5rGErAiP4kBK9E2h dHMx3IDXTdrmX8yw6pn7OCaRFVmbLe4iYfiMHpVxPYz7uDByKjDnhopPui6qFv4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=mCwScrbH1VtkH0kvs2Atk0Mgu6w=; b=oWYzeUdQM5k WB/LsFw5+nHFdO4PxFBwagxKdV2Rp2EQNSHA2Oj6JAyTwrexCSMF2+vVj8wFNizl TPHXweagVtSkR+O3GoJGaAAkthHHlKahyDmcBRuvcTSrgbZuU/h4xns3ZUMKY+uF l0XX4avXRAUNk5vaf/AqsrtXQPTn9XUg=
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a63.g.dreamhost.com (Postfix) with ESMTPSA id BC5B52F4076; Wed, 12 Oct 2011 11:01:00 -0700 (PDT)
Received: by qadb12 with SMTP id b12so1052531qad.31 for <multiple recipients>; Wed, 12 Oct 2011 11:00:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.57.102 with SMTP id h6mr2820729pbq.7.1318442459747; Wed, 12 Oct 2011 11:00:59 -0700 (PDT)
Received: by 10.68.59.169 with HTTP; Wed, 12 Oct 2011 11:00:59 -0700 (PDT)
In-Reply-To: <7AEB3D6833318045B4AE71C2C87E8E171817FEAA@DFWEML501-MBX.china.huawei.com>
References: <CAK3OfOj5Y8waYhCpoiiYg0GrL3E5SvWAPkkxmhP+2RHhoDdzgw@mail.gmail.com> <7AEB3D6833318045B4AE71C2C87E8E171817FEAA@DFWEML501-MBX.china.huawei.com>
Date: Wed, 12 Oct 2011 13:00:59 -0500
Message-ID: <CAK3OfOhvV6HwH5i14LqmZX-o4aEzCe3Wk=8iZdg9AnVCXuJcsw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Leeyoung <leeyoung@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-ccamp-wson-impairments@tools.ietf.org" <draft-ietf-ccamp-wson-impairments@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Review of draft-ietf-ccamp-wson-impairments-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2011 18:02:12 -0000
On Wed, Oct 12, 2011 at 12:30 PM, Leeyoung <leeyoung@huawei.com> wrote: > Modified security section reads: > > This document discusses a number of control plane architectures that > incorporate knowledge of impairments in optical networks. If such > architecture is put into use within a network it will by its nature > contain details of the physical characteristics of an optical > network. Such information would need to be protected from intentional > or unintentional disclosure similar to other network information used > within intra-domain protocols. > > This document does not require changes to the security models within > GMPLS and associated protocols. That is, the OSPF-TE, RSVP-TE, and > PCEP security models could be operated unchanged. However, satisfying > the requirements for impairment information dissemination using the existing > protocols may significantly affect the loading of those protocols. > This may make the operation of the network more vulnerable to denial- > of-service attacks or active attacks. Therefore, additional care maybe > required to ensure that the protocols are secure in the impairment-aware > WSON environment. > > Furthermore, the additional information distributed in order to > address impairment information represents a disclosure of network > capabilities that an operator may wish to keep private. Consideration > should be given to securing this information. For a general discussion > on MPLS- and GMPLS-related security issues, see the MPLS/GMPLS security > framework [RFC5920]. > > Please suggest some texts if these are not satisfactory to your need. Thanks. I'm not concerned about denial of service attacks in particular as it is often the case that there are denial of service attack surfaces about which there's little we can do. What I'm concerned about is whether the framework can handle active attacks such as injections, impersonation, and MITMs. The reference to OSPF and friends is probably sufficient in this regard for me to figure out an answer, though saying something to the effect that a) you rely on such protocols for security (your proposed change says so), and b) that those protocols meet whatever you think the requirements ought to be for IA-RWA. Oh, and I suppose you should c) list what you think those requirements are. Of course, if these protocols don't today meet those requirements, then that'd be a problem, but I suspect that won't prove to be the case. This is one of those occasions where it's good to ask "what's your threat model" too. My guess is that there isn't that much of a threat from eavesdropping on IA-RWA, so passive attackers are not part of the threat model. What active attacks might be in the threat model? Nico --
- [secdir] Review of draft-ietf-ccamp-wson-impairme… Nico Williams
- Re: [secdir] Review of draft-ietf-ccamp-wson-impa… Nico Williams
- Re: [secdir] Review of draft-ietf-ccamp-wson-impa… Leeyoung
- Re: [secdir] Review of draft-ietf-ccamp-wson-impa… Nico Williams
- Re: [secdir] Review of draft-ietf-ccamp-wson-impa… Leeyoung
- Re: [secdir] Review of draft-ietf-ccamp-wson-impa… Leeyoung