Re: [secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02

Phillip Hallam-Baker <> Tue, 26 April 2016 14:57 UTC


On Tue, Apr 26, 2016 at 10:26 AM, Carlos Pignataro (cpignata)
<> wrote:
> Phillip,
> Many thanks for your review.
> As you rightly call out, this is indeed an incremental addition — I might add for emphasis a very incremental change.
> One point of clarification, however, is that this solution as defined does _not_ use BGP. The relevant control protocols’ security considerations are addressed in RFC 5085. This is not 'IPsec pixy-dust' — if you follow the pointers, you will get to the control connection (endpoint and message) security as well as protection for data plane spoofing.

With respect, I disagree.

A collection of pointers to a dozen other documents is not a security

I am aware that this is not BGP, which is a layer 3 switching protocol.
This is layer 2, but the same security concerns apply. The fact that we
have seen nation state actors use BGP injection attacks as tools of
war demonstrates that this is a real concern.

> In re-reading the Security Considerations section (thanks again for the review), I do believe there is an area of improvement: from RFC 5885, since these PWs specify single-hop adjacencies, the document ought to specify the use of GTSM for the IP/UDP encapsulations.
> I’ll be happy to add that in. Please let me know if you have any concerns with it.

For an infrastructure of this scale, the security architecture should
really be described in a separate document and at length.