IETF Logo Mail Archive

Re: [secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02

Stewart Bryant <stewart.bryant@gmail.com> Wed, 27 April 2016 09:00 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56CE312D63C; Wed, 27 Apr 2016 02:00:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GLESUGmyWV-v; Wed, 27 Apr 2016 02:00:02 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9649812D11C; Wed, 27 Apr 2016 02:00:01 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id e201so28883351wme.0; Wed, 27 Apr 2016 02:00:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=jzQapfs8r07v2PiK22f7y3c5GV0fx87xe/a+yg8Ceq8=; b=udpEvXqElbAursNqm1RcViq01crFERz17GoQCMHdHdAR71/PYQ2XBnQlqYyJQTOzR/ B8zSUrhr2dw5I7Jp0Y6bkj0HBzGor7g/6pz6xZHY33rlhEw13m/oSwHzLx7b44F8nfA1 K6m67ajAAX49efa34yCstggULELGXM8N2NtSrUNcFrn82ngJu3XJDPk7p3RtEfZsvNMZ 4mPhGoNCHsZKconoRa3T6SwF59Z50z8RbIMZ0yc12pbmg5ecSLGci9J97w4KWavByae0 caomTpAKn0X55S3g+qg6NFzLo5TxMg+J7LpcXSV+9GgdBsVOVrDNPW0mQGPTGT9JWg19 qqoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=jzQapfs8r07v2PiK22f7y3c5GV0fx87xe/a+yg8Ceq8=; b=WA4qee0/D86RVfrIhtswnKhZvFvDbEEa1L91JkEuz0BxMxNrjY/4wE/fAftPaGYLR4 MFnp2QbUGNnXg8HNXDCg3U4YzQN/ZdBSqOhnwlvnaGGnULA3FPrM7KFC14P+Q22eDxu+ voyj9Yu3EzdD7p31o3eQOgcqPigh3sy3SNsnpnL33el+lf0zeiz+Rffi8LQTtTb3otoL X/97jiYlB/kgMPgcuLClhJEQV6DC8p85U/k3rFpo8OM0Mvuu7+lZ3X5Ik8TcCe12ZEFk F3vnQ7N+Cxe64N2Pp9PmGErn7Zwl75hKHJEhT+RftkpRU/vN6O23m8aHc1rsvdnWhmQH bK3Q==
X-Gm-Message-State: AOPr4FUvlME+2jOrGQBRBs5ht7Q72ZEsaQTE5K2qYcJJUloXTAof2kys6ptN4k1u9bFqXQ==
X-Received: by 10.194.107.6 with SMTP id gy6mr7966664wjb.20.1461747600108; Wed, 27 Apr 2016 02:00:00 -0700 (PDT)
Received: from [192.168.2.126] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id m20sm7318501wma.23.2016.04.27.01.59.58 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 27 Apr 2016 01:59:58 -0700 (PDT)
To: Phillip Hallam-Baker <phill@hallambaker.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-pals-seamless-vccv.all@ietf.org
References: <CAMm+Lwho5C8JzQ92Nk4mQjjhwKG0gvus=xH5G0e6s9smEg=DNg@mail.gmail.com>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <57207F8D.9080000@gmail.com>
Date: Wed, 27 Apr 2016 09:59:57 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <CAMm+Lwho5C8JzQ92Nk4mQjjhwKG0gvus=xH5G0e6s9smEg=DNg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------090609020509060702020904"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/X4dOxd8A5xI5apveISvZae9JOS0>
Subject: Re: [secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2016 09:00:08 -0000


On 26/04/2016 13:48, Phillip Hallam-Baker wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
>
> This document is an incremental change to a layer 2 virtualization
> layer (Software Defined Networking).

I don't see how you conclude that this is anything to do with SDN, other
than noting that SDN is ONE of the control planes that might be used,
except that in the early days of this work we called it "static".

> As such it properly references
> RFC5085 for security considerations.

As others later state this is a small update to RFC5085. As such it 
should not be held
hostage to your concerns about RFC5085, which is a widely deployed protocol
with significant interoperation, at least in its MPLS variant.

>
> That said, I am a bit surprised at the security considerations in
> RFC5085 which points out that denial of service is an issue but not
> the introduction of a new set of opportunities for interception. This
> is surprising given that BGP interception had already been used in
> international hostilities when the RFC was published.

So I am curious what would an interception attack on an OAM protocol look
like and what would harm would such an attack do? If you could simply
read the packets you could find out the loss, delay, jitter and outage rate
but I don't see why an attacker would be that interested in such data.

If you could intercept the OAM packets, I am sure that the data packets 
carried
over the same path would be far more interesting, and securing those would
secure the OAM since they fate share.

>
> Further the proposed solution is to sprinkle on some magic IPSEC dust
> or equivalent. While that might be an appropriate approach in an
> experimental protocol, it is hardly adequate for a production protocol
> with implications for Internet security as a whole.

I really don't understand this point.

In the MPLS case we use exactly the same dataplane and exactly the same
signalling plane as is used by Internet traffic. You may have concerns 
about the
security of those aspects of the Internet, but this is not the place to 
address
those concerns. If you extend the security of MPLS, this protocol will 
inherit
those extensions.

I am not sure how widely L2TP OAM is actually deployed, but both the L2TP
control and dataplane (and the OAM fate shares with the dataplane) run
over IP, and will inherit any security enhancements that are applied to IP.

>
> Given the critical function of this layer and the date of its
> inception, I would expect to see a comprehensive security architecture
> developed as part of the overall scheme.

As I noted above, the most widely deployed version is the MPLS variant
and any concern about MPLS security needs to be addressed to the MPLS
WG. PALS will automatically pick up any MPLS security extensions.

- Stewart

v2.23.0 | Report a Bug | By Email