[secdir] draft-ietf-tsvwg-rsvp-security-groupkeying-05

Stephen Kent <kent@bbn.com> Sat, 19 December 2009 02:23 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id BD48B28C11C for <secdir@core3.amsl.com>; Fri, 18 Dec 2009 18:23:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id I21v2uOX2i3M for <secdir@core3.amsl.com>; Fri, 18 Dec 2009 18:23:35 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com []) by core3.amsl.com (Postfix) with ESMTP id D53FE3A659A for <secdir@ietf.org>; Fri, 18 Dec 2009 18:23:34 -0800 (PST)
Received: from dommiel.bbn.com ([] helo=[]) by smtp.bbn.com with esmtp (Exim 4.63) (envelope-from <kent@bbn.com>) id 1NLoyT-0002rX-A3 for secdir@ietf.org; Fri, 18 Dec 2009 21:23:19 -0500
Mime-Version: 1.0
Message-Id: <p06240803c751e90f6344@[]>
In-Reply-To: <alpine.BSF.2.00.0912181810060.73148@fledge.watson.org>
References: <alpine.BSF.2.00.0912181810060.73148@fledge.watson.org>
Date: Fri, 18 Dec 2009 21:23:14 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/mixed; boundary="============_-950933100==_============"
Subject: [secdir] draft-ietf-tsvwg-rsvp-security-groupkeying-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Dec 2009 02:23:36 -0000

This is the message I sent to the WG chairs  o 11/30, in response to 
this special request.



As per your request I reviewed the subject document.

It has a LOT of problems:

	- the authors are inconsistent in their use of terms in 
various places in the document (e.g., trust zone, trust domain, trust 

	- the authors do not clearly define what they mean by static, 
manual, or  dynamic keying. they then make general assertions about 
the costs of various keying methods without providing any analysis to 
support their assertions.

	- the authors are clearly big proponents of group keying, and 
so they sweep under the rug all the details of what one has to do to 
authenticate group members to a group key server and what the server 
needs to do to distribute keys to the group members. there may be 
good arguments for why group keying is preferable to alternatives, 
but this document does not make that case

	- the authors assert that tunnel mode ESP is unsuitable for 
use with RSVP due to a MITM vulnerability, but the argument they 
present is flawed.

	- the authors assert that using the group keying mechanisms 
in RFC 3547 solves the problems of using IPsec with RSVP, which 
contradicts statements elsewhere about problems with IPsec protocols 
and RSVP.

	- the authors argue that Section 3.1 of RFC 5374 describes 
how to use tunnel mode in a way that fixes problems otherwise present 
with AH or ESP, but the argument is suspect. The cited section talks 
about a new version of tunnel mode for use by secruity gateways when 
sending traffic on multicast SAs, but there is not reason why routers 
using RSVP should be viewed as secruity gateways with respect to RSVP 

	- overall, the document is very poorly organized. it rambles 
and makes arguments in one section that appear to contradict analyses 
in other sections.

I have attached an edited version of the document with suggested 
edits and lots of comments.