Re: [secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 26 April 2016 14:57 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE2FE12B00C; Tue, 26 Apr 2016 07:57:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jPyBRGEFuuKZ; Tue, 26 Apr 2016 07:57:23 -0700 (PDT)
Received: from mail-lf0-x232.google.com (mail-lf0-x232.google.com [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD26312D17B; Tue, 26 Apr 2016 07:57:22 -0700 (PDT)
Received: by mail-lf0-x232.google.com with SMTP id u64so19091890lff.3; Tue, 26 Apr 2016 07:57:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-transfer-encoding; bh=SoxphWmurFxh98w87nRPXWijtCCHai6pzmXMOaEWBVE=; b=A7gpbLFyrCydTqvVSc2AIxOW0RDBwaVitMttZNuCaUZlwXIukZhPHZW/201K2vfBAv xwFFWWhLZ7MURLGNbn67MguIjRt8HwmRqo6ymc8grNaWHKHx5ywH5RdBAnn8oD+p8Efg ssR6HYzaNjAWqcmdlgLSWgQLnD/6habdOw75tVW8rxjEw9lRiP5qgrlDHnH/s7KTER5n DKQ9Ebt+y/+acK5f89RiH5CnRRBYT5iNlDjRYApZSwEiU/c5H5r8UtilWGTE5byRYsAr +Ctlkny4fUlHdocZI1EimffYWHISNPhWZTUOmjV8vPRS8wtOGhjqSNzTMpYMfmhVDo/j kN5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-transfer-encoding; bh=SoxphWmurFxh98w87nRPXWijtCCHai6pzmXMOaEWBVE=; b=Ph5BIZL4cUpbmP9DUV+RXdMMhE1yrF49AyAteYUMFH5p6on7PQ1z42qX8lBHSCVaqF GcAHvjCdDBq8fldb/WBCqe8Nr5bgjPUHgvvb+3QSLCQsHnGhxg4w/osgMxs7sVl9xY8D h+vqZUn2TMxb02gdJDjedm3ZVm2R4IJeCg4ueVRN9/cwIZCkIbhp67PPnrpldeaNb7+X yqhUxMxVhbFJmuS3EiTj3/OJxiEN5ZTEmceDhBbbhuWc3S0rt14491Fc7gZbjsYnNorA 2FfyqbnUqHDWjk/7pG4HjHv24KrZmM5XDncrQKFYN69UGhoXZvYXS6IBUeEhf6d1hKhW +v+A==
X-Gm-Message-State: AOPr4FV7FsjgGQWlGxZv0tz2tDNlp05+cGlUWFYOMMMVzqd+gTrzyg+xxW2tlL8Xtp45kSH41XLe/fLqplGU/Q==
MIME-Version: 1.0
X-Received: by 10.25.83.10 with SMTP id h10mr1277140lfb.39.1461682641115; Tue, 26 Apr 2016 07:57:21 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.3.102 with HTTP; Tue, 26 Apr 2016 07:57:21 -0700 (PDT)
In-Reply-To: <01160F37-0C73-42CE-AA8C-A09F876080A8@cisco.com>
References: <CAMm+Lwho5C8JzQ92Nk4mQjjhwKG0gvus=xH5G0e6s9smEg=DNg@mail.gmail.com> <01160F37-0C73-42CE-AA8C-A09F876080A8@cisco.com>
Date: Tue, 26 Apr 2016 10:57:21 -0400
X-Google-Sender-Auth: UY_1pUfQ-z9fEAwIJntqteKRQ3M
Message-ID: <CAMm+Lwhtuopf_yhhyWPfY0mDoU8bwt4HMb0OywD_9c7g5W+K0Q@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/mUFokz20TRmYpjdiPpQa-mhVzgg>
Cc: "draft-ietf-pals-seamless-vccv.all@ietf.org" <draft-ietf-pals-seamless-vccv.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 14:57:25 -0000

On Tue, Apr 26, 2016 at 10:26 AM, Carlos Pignataro (cpignata)
<cpignata@cisco.com> wrote:
> Phillip,
>
> Many thanks for your review.
>
> As you rightly call out, this is indeed an incremental addition — I might add for emphasis a very incremental change.
>
> One point of clarification, however, is that this solution as defined does _not_ use BGP. The relevant control protocols’ security considerations are addressed in RFC 5085. This is not 'IPsec pixy-dust' — if you follow the pointers, you will get to the control connection (endpoint and message) security as well as protection for data plane spoofing.


With respect, I disagree.

A collection of pointers to a dozen other documents is not a security
architecture.

I am aware that this is not BGP which is a layer 3 switching protocol.
This is layer 2 but the same security concerns apply. The fact that we
have seen nation state actors use BGP injection attacks as tools of
war demonstrate that this is a real concern.


> In re-reading the Security Considerations section (thanks again for the review), I do believe there is an area of improvement: from RFC 5885, since these PWs specify single-hop adjacencies, the document ought to specify the use of GTSM for the IP/UDP encapsulations.
>
> I’ll be happy to add that in. Please let me know if you have any concerns with it.

For an infrastructure of this scale, the security architecture should
really be described in a separate document and at length.