Re: [secdir] SECDIR review of draft-ietf-lisp-crypto-07

Dino Farinacci <farinacci@gmail.com> Wed, 28 September 2016 01:29 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2BEA12B04E; Tue, 27 Sep 2016 18:29:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IVbTQz34jL4y; Tue, 27 Sep 2016 18:28:58 -0700 (PDT)
Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF66612B3A9; Tue, 27 Sep 2016 18:28:58 -0700 (PDT)
Received: by mail-pa0-x22a.google.com with SMTP id oz2so10943216pac.2; Tue, 27 Sep 2016 18:28:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8GZEn0+3+5vypED0i4+frqEI8hSy/D7bLzQAS43PRzI=; b=eB7UEnlVTh91ywOiI47LQyWT3ITY67WM61Cwh3OBnaISWWeJ15XFyK7Epta4IpINaQ 8b8KuXhIx70DwkLD4DWA3FLsu2srWkbHQTPhW8MSl7TMGlAEQMeWDdqwwzXz7yulzI/3 CRVmJNsv9kV7HzZo5Ey3f/RDLKIpgP7F/DRbWh/JJAIj/mWDApjn+SilcZSRy759I76G hvipKxbATg2kDK5x66e2pCm6BFvaOmWUujSv5JwSG0NeGks+vIOj3orJqsUrNymUyfi7 t4idlBB79q/ugg/oFQ6ue8+fAk7MjXeQzrhtmwgbueyLfp8hoAYlcEquI5zyup6tBnxW kyMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8GZEn0+3+5vypED0i4+frqEI8hSy/D7bLzQAS43PRzI=; b=VfK1FZXufN5IJjuklbDbNqJpU2WRLFWTf3pxSRpu0rkSN5jnIgBjWiFYqpyWseQjVU 5BkKhFV/ty/EEn1QJBbGnja4JRpp1ZPIi1zoWHJfTvCITsai6dcugEOY4ARB6J8rHe+D iQ7EdpEi55/4q9vEEPhgb+gRdxbg2zCCiPvdz5yGfu7A9qY60JsJXgyOpdVQkBQlchTp mUBPnICgs12joMqp0Gd0qcOC/hb37vWIkQ3qjUko0uf0u2gfDs/QUlWN5kW6uwdeXCUA DKk+EROa8fqKadKFuupikTNacfMzpRtA41mtg040PpRRo35TzQEmBDE4ezETcyQA2aoj MDrQ==
X-Gm-Message-State: AE9vXwMnJ8Mb8KkMl+qwEMcyWpl0ILraknjb5gDl/S9W+ZJgghqWK607An9NBlhFlHFOVg==
X-Received: by 10.66.131.74 with SMTP id ok10mr52353748pab.126.1475026138368; Tue, 27 Sep 2016 18:28:58 -0700 (PDT)
Received: from dino-macbook.wp.comcast.net (173-8-188-29-SFBA.hfc.comcastbusiness.net. [173.8.188.29]) by smtp.gmail.com with ESMTPSA id i4sm7589054pav.27.2016.09.27.18.28.57 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 27 Sep 2016 18:28:57 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <57EB1C33.60000@gmail.com>
Date: Tue, 27 Sep 2016 18:28:56 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <FF20FC80-A83A-4621-BF0B-8C11273B482A@gmail.com>
References: <57E68FB7.10408@gmail.com> <57E690AD.2030207@gmail.com> <65A320B3-F8AD-461B-8F4B-1EF029E538DD@gmail.com> <57E87980.2050209@gmail.com> <7345DDFF-0D4F-4F47-87D1-56459ED94D2A@cisco.com> <067010BC-5EE7-46AF-B06F-B227BEE9A565@gmail.com> <57E95D87.4090104@gmail.com> <57EB1C33.60000@gmail.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/otEr3-NrZUW13mNsmqqszvR2RAA>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-lisp-crypto.all@ietf.org" <draft-ietf-lisp-crypto.all@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SECDIR review of draft-ietf-lisp-crypto-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2016 01:29:01 -0000

Thanks. I will post -08. Thanks.

Dino

> On Sep 27, 2016, at 6:26 PM, Chris Lonvick <lonvick.ietf@gmail.com> wrote:
> 
> Resending - Looks like Dino didn't get this.
> 
> Best regards,
> Chris
> 
> On 9/26/16 12:40 PM, Chris Lonvick wrote:
>> Hi Dino and Brian,
>> 
>> Yup - all looks good. I didn't mean to push too much on the point because I figured that it wasn't needed or wanted for being an experimental document. Good luck with it.
>> 
>> Best regards,
>> Chris
>> 
>> On 9/26/16 11:47 AM, Dino Farinacci wrote:
>>> Chris, if you are fine with Brian’s response, I can post the -08. Please ack. Thanks.
>>> 
>>> Dino
>>> 
>>>> On Sep 25, 2016, at 8:11 PM, Brian Weis (bew) <bew@cisco.com> wrote:
>>>> 
>>>> Hi Chris,
>>>> 
>>>> Thanks for the review. I’ve added one comment below.
>>>> 
>>>>> On Sep 25, 2016, at 6:27 PM, Chris Lonvick <lonvick.ietf@gmail.com> wrote:
>>>>> 
>>>>> Hi Dino,
>>>>> 
>>>>> On 9/25/16 4:37 PM, Dino Farinacci wrote:
>>>>>>>> I don't follow LISP so I'm not sure if there is an actual mechanism for a device receiving a map request packet to decline an offered cipher suite. If there is, I didn't see it explained in the
>>>>>> Yes, there is. If the Map-Reply this is returned contains no Security LCAF that means to the ITR that it either needs to go unencrypted encapsulating packets to the ETR or try another cipher text.
>>>>>> 
>>>>>>>>>> draft. You should address this in a future draft. This will be needed for when new cipher suites are
>>>>>> Understand the need. We intentionally wanted to support this.
>>>>>> 
>>>>>>>>>> added and a receiving device does not have the capability to handle the new cipher suite, or the case where an old cipher suite has been administratively disabled; like if it's been compromised and shouldn't be used. There are several ways to do this.
>>>>>> We have this in section x of the draft. Is it not sufficient?
>>>>>> 
>>>>>>   If an ITR, PITR, or RTR sends a Map-Request with the Security Type
>>>>>>   LCAF included and the ETR or RTR does not want to have encapsulated
>>>>>>   traffic encrypted, they will return a Map-Reply with no RLOC records
>>>>>>   encoded with the Security Type LCAF.  This signals to the ITR, PITR
>>>>>>   or RTR not to encrypt traffic (it cannot encrypt traffic anyways
>>>>>>   since no ETR public-key was returned).
>>>>>> 
>>>>> That text just says that if the cipher suite is declined then there will be no encryption. I was interpreting that to mean that the receiver just isn't going to accept any attempt at encryption. If it's just meant to be for that particular cipher suit then you'll need to add a line to that paragraph to say that the ITR, PITR, or RTR can attempt a different cipher suite if it is administratively configured to do so. However, that could get to be very inefficient if the ITR has to make 6 attempts before understanding that the ETR just isn't going to accept any encryption request - if it's so configured, or if it just doesn't support the feature whatsoever. So even if you allow the sender to make offer after offer, it would still be a good idea to have a way for the receiver to entirely decline encrypting packets from the sender.
>>>>> 
>>>>> But, with all that being said, I'm figuring that we're getting outside the intent of your experimental specification. When you do get around to getting this onto a standards track, then you should make some decisions around how to convey capabilities between the sender and receiver so they can quickly and efficiently figure out what's going to work, or if it's just not, rather than making one offer after another. TLS and SSH have ways for a sender to offer a list from which the receiver can choose, if you're looking for examples. Another way is for the sender to proffer a version number which is associated with a select group of capabilities. From that, the receiver can make a choice, or efficiently decline all.
>>>> Thanks for the suggestions. In this effort we were intentionally avoiding the complexities and added security analysis requirements of a multiple round-trip method capabilities negotiation such as TLS. But maybe a capabilities declaration more along the lines of the version number you suggest might be appropriate.  I agree that at such time as the protocol was prepared for standards-track that this would be important to add.
>>>> 
>>>> Thanks,
>>>> Brian
>>>> 
>>>>> Best regards,
>>>>> Chris
>>>> -- 
>>>> Brian Weis
>>>> Security, CSG, Cisco Systems
>>>> Telephone: +1 408 526 4796
>>>> Email: bew@cisco.com
>>>> 
>> 
>