Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14
OSCAR GONZALEZ DE DIOS <oscar.gonzalezdedios@telefonica.com> Tue, 28 October 2014 16:26 UTC
Return-Path: <oscar.gonzalezdedios@telefonica.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D56F1A9051; Tue, 28 Oct 2014 09:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.457
X-Spam-Level:
X-Spam-Status: No, score=-0.457 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FRT_BELOW2=2.154, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjHbrPn_EkK7; Tue, 28 Oct 2014 09:26:09 -0700 (PDT)
Received: from smtpjc.telefonica.com (smtpjc.telefonica.com [81.47.204.76]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 288061A9029; Tue, 28 Oct 2014 09:24:34 -0700 (PDT)
Received: from smtpjc.telefonica.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B08A7E0356; Tue, 28 Oct 2014 17:24:31 +0100 (CET)
Received: from ESTGVMSP104.EUROPE.telefonica.corp (unknown [10.92.4.9]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtpjc.telefonica.com (Postfix) with ESMTPS id 947A2E012A; Tue, 28 Oct 2014 17:24:31 +0100 (CET)
Received: from emea01-db3-obe.outbound.protection.outlook.com (10.92.5.139) by tls.telefonica.com (10.93.6.50) with Microsoft SMTP Server (TLS) id 14.3.195.1; Tue, 28 Oct 2014 17:24:31 +0100
Received: from AMSPR06MB104.eurprd06.prod.outlook.com (10.242.90.155) by AMSPR06MB102.eurprd06.prod.outlook.com (10.242.90.147) with Microsoft SMTP Server (TLS) id 15.1.6.9; Tue, 28 Oct 2014 16:24:29 +0000
Received: from AMSPR06MB104.eurprd06.prod.outlook.com ([169.254.8.166]) by AMSPR06MB104.eurprd06.prod.outlook.com ([169.254.8.166]) with mapi id 15.01.0006.000; Tue, 28 Oct 2014 16:24:30 +0000
From: OSCAR GONZALEZ DE DIOS <oscar.gonzalezdedios@telefonica.com>
To: Leeyoung <leeyoung@huawei.com>, Dan Harkins <dharkins@lounge.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org" <draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org>
Thread-Topic: secdir review of draft-ietf-pce-wson-routing-wavelength-14
Thread-Index: AQHP8gooJOOKdmTvf0KrSFkWZt9q25xFqaMAgAAaVgA=
Date: Tue, 28 Oct 2014 16:24:29 +0000
Message-ID: <D0757F26.6C188%oscar.gonzalezdedios@telefonica.com>
References: <28335d401a6c792d0259a03c5767c1dc.squirrel@www.trepanning.net> <7AEB3D6833318045B4AE71C2C87E8E1729C41344@dfweml706-chm>
In-Reply-To: <7AEB3D6833318045B4AE71C2C87E8E1729C41344@dfweml706-chm>
Accept-Language: es-ES, en-US
Content-Language: es-ES
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.9.131030
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [195.235.92.26]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:AMSPR06MB102;
x-forefront-prvs: 0378F1E47A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(377454003)(51704005)(479174003)(189002)(13464003)(20776003)(19580405001)(97736003)(64706001)(19580395003)(2656002)(92726001)(66066001)(92566001)(2501002)(87936001)(85852003)(2201001)(85306004)(76176999)(21056001)(77096002)(101416001)(50986999)(54356999)(36756003)(230783001)(4396001)(31966008)(99396003)(122556002)(40100003)(95666004)(106116001)(105586002)(46102003)(80022003)(120916001)(86362001)(83506001)(106356001)(15202345003)(15975445006)(76482002)(107886001)(107046002); DIR:OUT; SFP:1102; SCL:1; SRVR:AMSPR06MB102; H:AMSPR06MB104.eurprd06.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <25F3FFD097880C48AA31DED6A98FB768@eurprd06.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-TM-AS-MML: No
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/l1W8ecDQH5Radq7jSCD6aVvoKRo
X-Mailman-Approved-At: Tue, 28 Oct 2014 10:23:53 -0700
Subject: Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 16:26:12 -0000
Hi Dan, I recently worked in the PCEP extensions for GMPLS security section, where I did an analysis on the threats on adding PCEP in GMPLS networks. This particular draft in last call, draft-ietf-pce-wson-routing-wavelength-14, is focused on the support of PCE for Wavelength Switched optical networks. I think the analysis done for GMPLS networks, with some modifications may be valid for this case of WSON networks. Please find bellow the text of http://tools.ietf.org/html/draft-ietf-pce-gmpls-pcep-extensions-10. GMPLS controls multiple technologies and types of network elements. The LSPs that are established using GMPLS, whose paths can be computed using the PCEP extensions to support GMPLS described in this document, can carry a high amount of traffic and can be a critical part of a network infrastructure. The PCE can then play a key role in the use of the resources and in determining the physical paths of the LSPs and thus it is important to ensure the identity of PCE and PCC, as well as the communication channel. In many deployments there will be a completely isolated network where an external attack is of very low probability. However, there are other deployment cases in which the PCC-PCE communication may be more exposed and there could be more security considerations. Three main situations in case of an attack in the GMPLS PCE context could happen: o PCE Identity theft: A legitimate PCC could requests a path for a GMPLS LSP to a malicious PCE, which poses as a legitimate PCE. The answer can make that the LSP traverses some geographical place known to the attacker where some sniffing devices could be installed. Also, the answer can omit constraints given in the requests (e.g. excluding certain fibers, avoiding some SRLGs) which could make that the LSP which will be later set-up may look perfectly fine, but will be in a risky situation. Also, the answer can lead to provide a LSP that does not provide the desired quality and gives less resources tan necessary. o PCC Identity theft: A malicious PCC, acting as a legitimate PCC, requesting LSP paths to a legitimate PCE can obtain a good knowledge of the physical topology of a critical infrastructure. It could get to know enough details to plan a later physical attack. o Message deciphering: As in the previous case, knowledge of an infrastructure can be obtained by sniffing PCEP messages. The security mechanisms can provide authentication and confidentiality for those scenarios where the PCC-PCE communication cannot be completely trusted. Authentication can provide origin verification, message integrity and replay protection, while confidentiality ensures that a third party cannot decipher the contents of a message. The document [I-D.ietf-pce-pceps <http://tools.ietf.org/html/draft-ietf-pce-gmpls-pcep-extensions-10#ref-I-D .ietf-pce-pceps>] describes the usage of Transport Layer Security (TLS) to enhance PCEP security. The document describes the initiation of the TLS procedures, the TLS handshake mechanisms, the TLS methods for peer authentication, the applicable TLS ciphersuites for data exchange, and the handling of errors in the security checks. Finally, as mentioned by [RFC7025 <http://tools.ietf.org/html/rfc7025>] the PCEP extensions to support GMPLS should be considered under the same security as current PCE work and this extension will not change the underlying security issues. However, given the critical nature of the network infrastructures under control by GMPLS, the security issues described above should be seriously considered when deploying a GMPLS-PCE based control plane for such networks. For more information on the security considerations on a GMPLS control plane, not only related to PCE/PCEP, [RFC5920 <http://tools.ietf.org/html/rfc5920>] provides an overview of security vulnerabilities of a GMPLS control plane. Do you think a similar analysis for WSON networks may be useful? Best Regards, Óscar El 28/10/14 16:50, "Leeyoung" <leeyoung@huawei.com> escribió: >Hi Dan, > >Thanks a lot for your review and providing comments. > >Would the following work for you in Security Section to add: > >"Solutions that address the requirements in this document need to verify >that existing PCEP security mechanisms adequately protect the additional >network capabilities and must include new mechanisms as necessary." > >Best regards, >Young > >-----Original Message----- >From: Dan Harkins [mailto:dharkins@lounge.org] >Sent: Monday, October 27, 2014 12:04 PM >To: iesg@ietf.org; secdir@ietf.org; >draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org >Subject: secdir review of draft-ietf-pce-wson-routing-wavelength-14 > > > Hello, > > I have reviewed draft-ietf-pce-wson-routing-wavelength as part of the >security directorate's ongoing effort to review all IETF documents being >processed by the IESG. These comments were written primarily for the >benefit of the security area directors. Document editors and WG chairs >should treat these comments just like any other last call comments. > > This is a requirements document for additions to the PCEP protocol to >support path computation in a wavelength-switched optical network. It >describes what needs to be added to requests/responses to support routing >and wavelength assignment to a path computation element (that supports >both functions) for a path computation client. > > The security considerations are basically a punt. There's information >that an operator may not want to disclose and "[c]onsideration should be >given to securing this information." That seems a little thin. At the >very least some explanation of how this should be done. Do only the TLVs >that represent these required additions require confidentiality? >Is KARP a potential solution to this problem? If so it might be nice to >explain that; if not, then why and what else would be required? > > It is a well-organized and well-written document. I would say it is >"ready with nits", my nits being the thinness of the Security >Consideration section. > > regards, > > Dan. > > ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- [secdir] secdir review of draft-ietf-pce-wson-rou… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-pce-wson… Adrian Farrel
- Re: [secdir] secdir review of draft-ietf-pce-wson… Leeyoung
- Re: [secdir] secdir review of draft-ietf-pce-wson… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-pce-wson… Leeyoung
- Re: [secdir] secdir review of draft-ietf-pce-wson… OSCAR GONZALEZ DE DIOS