Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-05
Lou Berger <lberger@labn.net> Mon, 16 March 2020 14:22 UTC
Return-Path: <lberger@labn.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49D0C3A090A for <secdir@ietfa.amsl.com>; Mon, 16 Mar 2020 07:22:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.361
X-Spam-Level:
X-Spam-Status: No, score=-3.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-1.463, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rnQ2PLheCmuk for <secdir@ietfa.amsl.com>; Mon, 16 Mar 2020 07:22:54 -0700 (PDT)
Received: from gproxy7-pub.mail.unifiedlayer.com (gproxy7-pub.mail.unifiedlayer.com [70.40.196.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C54E63A092D for <secdir@ietf.org>; Mon, 16 Mar 2020 07:22:54 -0700 (PDT)
Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy7.mail.unifiedlayer.com (Postfix) with ESMTP id DF43E215DC0 for <secdir@ietf.org>; Mon, 16 Mar 2020 08:22:49 -0600 (MDT)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id DqdljsSfOVKjoDqdljQrGR; Mon, 16 Mar 2020 08:22:49 -0600
X-Authority-Reason: nr=8
X-Authority-Analysis: v=2.3 cv=dJyIZtRb c=1 sm=1 tr=0 a=h1BC+oY+fLhyFmnTBx92Jg==:117 a=h1BC+oY+fLhyFmnTBx92Jg==:17 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=xqWC_Br6kY4A:10:nop_ipv6 a=SS2py6AdgQ4A:10:nop_rcvd_month_year a=Vy_oeq2dmq0A:10:endurance_base64_authed_username_1 a=r77TgQKjGQsHNAKrUKIA:9 a=48vgC7mUAAAA:8 a=pGLkceISAAAA:8 a=wU2YTnxGAAAA:8 a=2oqSnHMV4Z3bUipraykA:9 a=J3Vv16-NA7Rc4M9S:21 a=HPhST2ZdynFQX3NX:21 a=QEXdDO2ut3YA:10:nop_charset_2 a=HOegm7vpLclc9V2hf2IA:9 a=YLQGlklLBOgM2PVj:21 a=FivuYDexwT57tvfO:21 a=NAb3cl6HliiaYlxJ:21 a=_W_S_7VecoQA:10:nop_html a=w1C3t2QeGrPiZgrLijVG:22 a=Yz9wTY_ffGCQnEDHKrcv:22
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Sender:Reply-To:Content-Transfer-Encoding:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=Sdi75d79EOVhit0V5q5ueIh1g7FIsqtlx3yAqUlVfVE=; b=2IlGwVzy++vTE/QrouUsUapy1Z y8yJQOM1HcYa9hLRGvTxf07w3GV6TBqqBMw7yDrSSfL3zB3sEznCZSmqCYZumf4dhz9k0/9pfFOch +qyREAbHncNF1JvN7ziuMT4oW;
Received: from [127.0.0.1] (port=35461 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <lberger@labn.net>) id 1jDqdl-003oLI-DK; Mon, 16 Mar 2020 08:22:49 -0600
To: Watson Ladd <watsonbladd@gmail.com>, Stewart Bryant <stewart.bryant@gmail.com>
Cc: Uri Blumenthal <uri@mit.edu>, draft-ietf-detnet-mpls.all@ietf.org, DetNet WG <detnet@ietf.org>, secdir <secdir@ietf.org>, rtg-ads@ietf.org, "<sec-ads@ietf.org>" <sec-ads@ietf.org>
References: <7A5A9066-7877-402A-9704-AD83AF4FD3D0@gmail.com> <E0A8CA63-8C58-4AFA-B213-76A7FD261833@mit.edu> <96BB26AA-3314-4E0A-98F3-4F2E93F1D9FF@gmail.com> <CACsn0cnCAo082hB4MK=dRTxbha1niGsSQ4-dW4_UvQ8bZ0TBLw@mail.gmail.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <a8dfd766-7770-0baa-7ec7-bd844f769716@labn.net>
Date: Mon, 16 Mar 2020 10:22:48 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <CACsn0cnCAo082hB4MK=dRTxbha1niGsSQ4-dW4_UvQ8bZ0TBLw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------E8BAD5B8E6EDDB0992398FA9"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 127.0.0.1
X-Source-L: Yes
X-Exim-ID: 1jDqdl-003oLI-DK
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([IPv6:::1]) [127.0.0.1]:35461
X-Source-Auth: lberger@labn.net
X-Email-Count: 10
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/tH_y4dbxihr8pzlG7S8EkwXiS-U>
Subject: Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2020 14:22:58 -0000
Watson, Uri, would a reference to https://tools.ietf.org/html/draft-ietf-detnet-security-08#section-7 help? note that Detnet operates/extends the IP and MPLS layers. It is not a service that rides on general IP or separate from the MPLS layers. Lou On 3/16/2020 10:18 AM, Watson Ladd wrote: > > > On Mon, Mar 16, 2020, 7:01 AM Stewart Bryant <stewart.bryant@gmail.com > <mailto:stewart.bryant@gmail.com>> wrote: > > The requirement is NOT for a draft to provide the security > analysis of all of all of the technologies that it calls up. It > is, I believe, to describe the deltas that apply to the new idea. > Anything else and the text would be a security analysis with a > short technology preamble. > > We are describing a technology that is overlaid on MPLS. We should > not need to describe the security model of MPLS, but instead > confine our remarks to issues that specifically apply to the > additional technology we are describing. > > > RFC 3552 requires that in a case such as this you explicitly describe > what the lower layer is providing to the top layer. RFC 3552 section 5 > also demands that attacks be enumerated and those out of scope be > called out. > > E.g "use TLS" isn't good enough and imho neither is "use MPLS". > > Again, the sentences in the security considerations as it stands are > about MPLS and Detnet, and they don't seem to come together. Are there > really no security considerations when putting the two together? Every > MPLS network will just work with Detnet on top, no matter how rushed > the deploy is? > > > Early in the document we call up RFC3031 and RFC3032, the > fundamental MPLS RFCs. They are in section 3.1 the first part of > the serious technical discussion. In my view these establish a > baseline of understand that the reader is expected to have. > > It is important to realise, as I have said before, that without > understanding that baseline the rest of the document is meaningless. > > Regards > > Stewart > > BTW > > It might be as well if you refrained from illustrating the lack of > professionalism that the security area applies to its reviews by > continuing with the flippancy. There is a serious point that needs > to be debated here about what assumptions are a given and what > assumptions need to be spelled out when modifying or layering a > technology. > > > > On 16 Mar 2020, at 12:22, Uri Blumenthal <uri@mit.edu > <mailto:uri@mit.edu>> wrote: > > > > IETF position (add fat as I remember) regarding RFCs has been > that RFCs should provide with everything information for a > reasonable developer to implement correctly and securely the > standard they define, and provide enough information for the > person who will deploy a compliant implementation to do that > correctly and securely. > > > > One purpose of Security Review is to ensure that a person > doesn't have to be an expert in the field to deal with the > proposed document. > > > > In a flippant way, if using your stuff is requires special > classes - perhaps it belongs to a book rather than an RFC. > > > > In a non-flippant way - what's the problem in mentioning the > issues and providing the appropriate references? A "normal" RFC > cannot be self-contained, but it's unreasonable to epect a reader > to just "know" where all the omitted things are described. > > > >> On Mar 16, 2020, at 06:33, Stewart Bryant > <stewart.bryant@gmail.com <mailto:stewart.bryant@gmail.com>> wrote: > >> > >> Uri, > >> > >> That is a ridiculous position, and you flippancy demonstrates that. > >> > >> This technology fundamentally rests on MPLS and it is > reasonable that the reader of this RFC will understand MPLS and > the security model it uses before they implement or deploy it. > Indeed I cannot think of any implementor or operator that would > not already have that knowledge before taking on the task of > building or running DN over MPLS. > >> > >> If SecDir reviews are to retain any credibility as expert > reviews as opposed to Genart random reader reviews they have to be > carried out with shared knowledge of both the security area and > the draft’s host area. > >> > >> I have been thinking for some time that there needs to be a > fundamental review of the security review process. > >> > >> Stewart > >> > >>> On 15 Mar 2020, at 22:44, Uri Blumenthal <uri@mit.edu > <mailto:uri@mit.edu>> wrote: > >>> > >>> I say yes - unless you expect a person who wants just one RFC > to have to read every cr^h^h stuff that came out of the routing area. > >>> > >>> "Just do it" > >>> > >>> > >>>>> On Mar 15, 2020, at 17:39, Lou Berger <lberger@labn.net > <mailto:lberger@labn.net>> wrote: > >>>> > >>>> > >>>>> On 3/15/2020 5:22 PM, Watson Ladd wrote: > >>>>>> On Sun, Mar 15, 2020 at 2:14 PM Lou Berger > <lberger@labn.net <mailto:lberger@labn.net>> wrote: > >>>>>> Hi Watson, > >>>>>> > >>>>>> I think Stewart's response really covers the main points. > DetNet is > >>>>>> really just MPLS (and IP) with some specific forwarding > behaviors and > >>>>>> queuing. The only thing I'd add, is I see DetNet in > general as a > >>>>>> specific form of policy based routing. (The general form of > which is > >>>>>> pretty much as old as IP). > >>>>> Then Stewart can put those points in the security considerations > >>>>> section. What's the disadvantage of doing so? > >>>> > >>>> At one level, it would be easiest for the authors to just put > these in. On the other hand, this would mean that every RFC > produced in the routing area will acquire similar notes, e.g., > routing protocols are currently built with a chain of trust > model. Is this what the sec-dir really is asking the routing area > to do? > >>>> > >>>> ADs, > >>>> > >>>> any opinion on this? (for context, Stewart's response > can be found at: > https://mailarchive.ietf.org/arch/msg/detnet/-epL5Fb6bFIUltMrjH53C2316ZA/) > >>>> > >>>> Thanks, > >>>> > >>>> Lou > >>>> > >>>>>> Lou > >>>>>> > >>>>>> On 3/12/2020 9:35 PM, Watson Ladd wrote: > >>>>>>> On Thu, Mar 12, 2020 at 4:07 AM Lou Berger > <lberger@labn.net <mailto:lberger@labn.net>> wrote: > >>>>>>>> Watson, > >>>>>>>> > >>>>>>>> Can you provide context here? Can you be explicit on what > you see needs to > >>>>>>>> be addressed (beyond what is in this document as well as > related rfcs)? > >>>>>>> You have to talk about how the layers interact, and can't > just say the > >>>>>>> lower level handles anything without any guide as to what > needs to be > >>>>>>> provided by that lower layer. > >>>>>>> > >>>>>>> I think my concerns about the assumptions this could be > fixed by > >>>>>>> saying. "All nodes are trusted and any of them can > misbehave in ways > >>>>>>> that affect the network. If the MPLS layer cannot provide > sufficient > >>>>>>> determinism, then the DetNet mechanisms won't work". I > agree we > >>>>>>> shoudn't require an entire massive security framework to > be quoted > >>>>>>> again here, but there must be some details of this > embedding that are > >>>>>>> worth noting, and yet I don't see them called out in the > security > >>>>>>> considerations section. > >>>>>>> > >>>>>>> Are there really no specific concerns about the > interaction between > >>>>>>> DetNet and MPLS? > >>>>>>> > >>>>>>>> Thank you, > >>>>>>>> Lou > >>>>>>>> > >>>>>>>> > >>>>>>>> ---------- > >>>>>>>> On March 11, 2020 10:30:27 PM Watson Ladd > <watsonbladd@gmail.com <mailto:watsonbladd@gmail.com>> wrote: > >>>>>>>> > >>>>>>>>> I don't see any reason why RFC 3552's guidelines > shoudn't apply to this draft. > >>>>>>>>> > >>>>>>>>> If there is a MPLS exception I'd like to see the rules > that should be applied. > >>>>>>>>> > >>>>>>>>> As is I don't see any reason why the assumptions can't > be explicitly > >>>>>>>>> spelled out, either in the Security Considerations or > elsewhere. > >>>>>>>>> > >>>>>>>>> _______________________________________________ > >>>>>>>>> detnet mailing list > >>>>>>>>> detnet@ietf.org <mailto:detnet@ietf.org> > >>>>>>>>> https://www.ietf.org/mailman/listinfo/detnet > >>>>>>>>> > >>>>> > >>>>> > >>>> > >>>> _______________________________________________ > >>>> secdir mailing list > >>>> secdir@ietf.org <mailto:secdir@ietf.org> > >>>> https://www.ietf.org/mailman/listinfo/secdir > >>>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview > >> >
- [secdir] Secdir last call review of draft-ietf-de… Watson Ladd via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Stewart Bryant
- Re: [secdir] Secdir last call review of draft-iet… Watson Ladd
- Re: [secdir] Secdir last call review of draft-iet… Stewart Bryant
- Re: [secdir] Secdir last call review of draft-iet… Watson Ladd
- Re: [secdir] Secdir last call review of draft-iet… Stewart Bryant
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Watson Ladd
- Re: [secdir] [Detnet] Secdir last call review of … Stewart Bryant
- Re: [secdir] [Detnet] Secdir last call review of … Uri Blumenthal
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Watson Ladd
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Uri Blumenthal
- Re: [secdir] [Detnet] Secdir last call review of … Stewart Bryant
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Uri Blumenthal
- Re: [secdir] [Detnet] Secdir last call review of … Stewart Bryant
- Re: [secdir] [Detnet] Secdir last call review of … Watson Ladd
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Stewart Bryant
- Re: [secdir] [Detnet] Secdir last call review of … Uri Blumenthal
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Uri Blumenthal
- Re: [secdir] [Detnet] Secdir last call review of … Lou Berger
- Re: [secdir] [Detnet] Secdir last call review of … Black, David
- Re: [secdir] [Detnet] Secdir last call review of … Uri Blumenthal