IETF Logo Mail Archive

Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-05

Lou Berger <lberger@labn.net> Mon, 16 March 2020 14:22 UTC

Return-Path: <lberger@labn.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49D0C3A090A for <secdir@ietfa.amsl.com>; Mon, 16 Mar 2020 07:22:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.361
X-Spam-Level:
X-Spam-Status: No, score=-3.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-1.463, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rnQ2PLheCmuk for <secdir@ietfa.amsl.com>; Mon, 16 Mar 2020 07:22:54 -0700 (PDT)
Received: from gproxy7-pub.mail.unifiedlayer.com (gproxy7-pub.mail.unifiedlayer.com [70.40.196.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C54E63A092D for <secdir@ietf.org>; Mon, 16 Mar 2020 07:22:54 -0700 (PDT)
Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy7.mail.unifiedlayer.com (Postfix) with ESMTP id DF43E215DC0 for <secdir@ietf.org>; Mon, 16 Mar 2020 08:22:49 -0600 (MDT)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id DqdljsSfOVKjoDqdljQrGR; Mon, 16 Mar 2020 08:22:49 -0600
X-Authority-Reason: nr=8
X-Authority-Analysis: v=2.3 cv=dJyIZtRb c=1 sm=1 tr=0 a=h1BC+oY+fLhyFmnTBx92Jg==:117 a=h1BC+oY+fLhyFmnTBx92Jg==:17 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=xqWC_Br6kY4A:10:nop_ipv6 a=SS2py6AdgQ4A:10:nop_rcvd_month_year a=Vy_oeq2dmq0A:10:endurance_base64_authed_username_1 a=r77TgQKjGQsHNAKrUKIA:9 a=48vgC7mUAAAA:8 a=pGLkceISAAAA:8 a=wU2YTnxGAAAA:8 a=2oqSnHMV4Z3bUipraykA:9 a=J3Vv16-NA7Rc4M9S:21 a=HPhST2ZdynFQX3NX:21 a=QEXdDO2ut3YA:10:nop_charset_2 a=HOegm7vpLclc9V2hf2IA:9 a=YLQGlklLBOgM2PVj:21 a=FivuYDexwT57tvfO:21 a=NAb3cl6HliiaYlxJ:21 a=_W_S_7VecoQA:10:nop_html a=w1C3t2QeGrPiZgrLijVG:22 a=Yz9wTY_ffGCQnEDHKrcv:22
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Sender:Reply-To:Content-Transfer-Encoding:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=Sdi75d79EOVhit0V5q5ueIh1g7FIsqtlx3yAqUlVfVE=; b=2IlGwVzy++vTE/QrouUsUapy1Z y8yJQOM1HcYa9hLRGvTxf07w3GV6TBqqBMw7yDrSSfL3zB3sEznCZSmqCYZumf4dhz9k0/9pfFOch +qyREAbHncNF1JvN7ziuMT4oW;
Received: from [127.0.0.1] (port=35461 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <lberger@labn.net>) id 1jDqdl-003oLI-DK; Mon, 16 Mar 2020 08:22:49 -0600
To: Watson Ladd <watsonbladd@gmail.com>, Stewart Bryant <stewart.bryant@gmail.com>
Cc: Uri Blumenthal <uri@mit.edu>, draft-ietf-detnet-mpls.all@ietf.org, DetNet WG <detnet@ietf.org>, secdir <secdir@ietf.org>, rtg-ads@ietf.org, "<sec-ads@ietf.org>" <sec-ads@ietf.org>
References: <7A5A9066-7877-402A-9704-AD83AF4FD3D0@gmail.com> <E0A8CA63-8C58-4AFA-B213-76A7FD261833@mit.edu> <96BB26AA-3314-4E0A-98F3-4F2E93F1D9FF@gmail.com> <CACsn0cnCAo082hB4MK=dRTxbha1niGsSQ4-dW4_UvQ8bZ0TBLw@mail.gmail.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <a8dfd766-7770-0baa-7ec7-bd844f769716@labn.net>
Date: Mon, 16 Mar 2020 10:22:48 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <CACsn0cnCAo082hB4MK=dRTxbha1niGsSQ4-dW4_UvQ8bZ0TBLw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------E8BAD5B8E6EDDB0992398FA9"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 127.0.0.1
X-Source-L: Yes
X-Exim-ID: 1jDqdl-003oLI-DK
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([IPv6:::1]) [127.0.0.1]:35461
X-Source-Auth: lberger@labn.net
X-Email-Count: 10
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/tH_y4dbxihr8pzlG7S8EkwXiS-U>
Subject: Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2020 14:22:58 -0000

Watson, Uri,

would a reference to 
https://tools.ietf.org/html/draft-ietf-detnet-security-08#section-7 
help? note that Detnet operates/extends the IP and MPLS layers. It is 
not a service that rides on general IP or separate from the MPLS layers.

Lou

On 3/16/2020 10:18 AM, Watson Ladd wrote:
>
>
> On Mon, Mar 16, 2020, 7:01 AM Stewart Bryant <stewart.bryant@gmail.com 
> <mailto:stewart.bryant@gmail.com>> wrote:
>
>     The requirement is NOT for a draft to provide the security
>     analysis of all of all of the technologies that it calls up. It
>     is, I believe, to describe the deltas that apply to the new idea.
>     Anything else and the text would be a security analysis with a
>     short technology preamble.
>
>     We are describing a technology that is overlaid on MPLS. We should
>     not need to describe the security model of MPLS,  but instead
>     confine our remarks to issues that specifically apply to the
>     additional technology we are describing.
>
>
> RFC 3552 requires that in a case such as this you explicitly describe 
> what the lower layer is providing to the top layer. RFC 3552 section 5 
> also demands that attacks be enumerated and those out of scope be 
> called out.
>
> E.g "use TLS" isn't good enough and imho neither is "use MPLS".
>
> Again, the sentences in the security considerations as it stands are 
> about MPLS and Detnet, and they don't seem to come together. Are there 
> really no security considerations when putting the two together? Every 
> MPLS network will just work with Detnet on top, no matter how rushed 
> the deploy is?
>
>
>     Early in the document we call up RFC3031 and RFC3032, the
>     fundamental MPLS RFCs. They are in section 3.1 the first part of
>     the serious technical discussion. In my view these establish a
>     baseline of understand that the reader is expected to have.
>
>     It is important to realise, as I have said before, that without
>     understanding that baseline the rest of the document is meaningless.
>
>     Regards
>
>     Stewart
>
>     BTW
>
>     It might be as well if you refrained from illustrating the lack of
>     professionalism that the security area applies to its reviews by
>     continuing with the flippancy. There is a serious point that needs
>     to be debated here about what assumptions are a given and what
>     assumptions need to be spelled out when modifying or layering a
>     technology.
>
>
>     > On 16 Mar 2020, at 12:22, Uri Blumenthal <uri@mit.edu
>     <mailto:uri@mit.edu>> wrote:
>     >
>     > IETF position (add fat as I remember) regarding RFCs has been
>     that RFCs should provide with everything information for a
>     reasonable developer to implement correctly and securely the
>     standard they define, and provide enough information for the
>     person who will deploy a compliant implementation to do that
>     correctly and securely.
>     >
>     > One purpose of Security Review is to ensure that a person
>     doesn't have to be an expert in the field to deal with the
>     proposed document.
>     >
>     > In a flippant way, if using your stuff is requires special
>     classes - perhaps it belongs to a book rather than an RFC.
>     >
>     > In a non-flippant way - what's the problem in mentioning the
>     issues and providing the appropriate references? A "normal" RFC
>     cannot be self-contained, but it's unreasonable to epect a reader
>     to just "know" where all the omitted things are described.
>     >
>     >> On Mar 16, 2020, at 06:33, Stewart Bryant
>     <stewart.bryant@gmail.com <mailto:stewart.bryant@gmail.com>> wrote:
>     >>
>     >> Uri,
>     >>
>     >> That is a ridiculous position, and you flippancy demonstrates that.
>     >>
>     >> This technology fundamentally rests on MPLS and it is
>     reasonable that the reader of this RFC will understand MPLS and
>     the security model it uses before they implement or deploy it.
>     Indeed I cannot think of any implementor or operator that would
>     not already have that knowledge before taking on the task of
>     building or running DN over MPLS.
>     >>
>     >> If SecDir reviews are to retain any credibility as expert
>     reviews as opposed to Genart random reader reviews they have to be
>     carried out with shared knowledge of both the security area and
>     the draft’s host area.
>     >>
>     >> I have been thinking for some time that there needs to be a
>     fundamental review of the security review process.
>     >>
>     >> Stewart
>     >>
>     >>> On 15 Mar 2020, at 22:44, Uri Blumenthal <uri@mit.edu
>     <mailto:uri@mit.edu>> wrote:
>     >>>
>     >>> I say yes - unless you expect a person who wants just one RFC
>     to have to read every cr^h^h stuff that came out of the routing area.
>     >>>
>     >>> "Just do it"
>     >>>
>     >>>
>     >>>>> On Mar 15, 2020, at 17:39, Lou Berger <lberger@labn.net
>     <mailto:lberger@labn.net>> wrote:
>     >>>>
>     >>>> 
>     >>>>> On 3/15/2020 5:22 PM, Watson Ladd wrote:
>     >>>>>> On Sun, Mar 15, 2020 at 2:14 PM Lou Berger
>     <lberger@labn.net <mailto:lberger@labn.net>> wrote:
>     >>>>>> Hi Watson,
>     >>>>>>
>     >>>>>>   I think Stewart's response really covers the main points.
>     DetNet is
>     >>>>>> really just MPLS (and IP) with some specific forwarding
>     behaviors and
>     >>>>>> queuing.  The only thing I'd add, is I see DetNet in
>     general as a
>     >>>>>> specific form of policy based routing. (The general form of
>     which is
>     >>>>>> pretty much as old as IP).
>     >>>>> Then Stewart can put those points in the security considerations
>     >>>>> section. What's the disadvantage of doing so?
>     >>>>
>     >>>> At one level, it would be easiest for the authors to just put
>     these in.  On the other hand, this would mean that every RFC
>     produced in the routing area will acquire similar notes, e.g.,
>     routing protocols are currently built with a chain of trust
>     model.  Is this what the sec-dir really is asking the routing area
>     to do?
>     >>>>
>     >>>> ADs,
>     >>>>
>     >>>>  any opinion on this?     (for context, Stewart's response
>     can be found at:
>     https://mailarchive.ietf.org/arch/msg/detnet/-epL5Fb6bFIUltMrjH53C2316ZA/)
>     >>>>
>     >>>> Thanks,
>     >>>>
>     >>>> Lou
>     >>>>
>     >>>>>> Lou
>     >>>>>>
>     >>>>>> On 3/12/2020 9:35 PM, Watson Ladd wrote:
>     >>>>>>> On Thu, Mar 12, 2020 at 4:07 AM Lou Berger
>     <lberger@labn.net <mailto:lberger@labn.net>> wrote:
>     >>>>>>>> Watson,
>     >>>>>>>>
>     >>>>>>>> Can you provide context here? Can you be explicit on what
>     you see needs to
>     >>>>>>>> be addressed (beyond what is in this document as well as
>     related rfcs)?
>     >>>>>>> You have to talk about how the layers interact, and can't
>     just say the
>     >>>>>>> lower level handles anything without any guide as to what
>     needs to be
>     >>>>>>> provided by that lower layer.
>     >>>>>>>
>     >>>>>>> I think my concerns about the assumptions this could be
>     fixed by
>     >>>>>>> saying. "All nodes are trusted and any of them can
>     misbehave in ways
>     >>>>>>> that affect the network.  If the MPLS layer cannot provide
>     sufficient
>     >>>>>>> determinism, then the DetNet mechanisms won't work".  I
>     agree we
>     >>>>>>> shoudn't require an entire massive security framework to
>     be quoted
>     >>>>>>> again here, but there must be some details of this
>     embedding that are
>     >>>>>>> worth noting, and yet I don't see them called out in the
>     security
>     >>>>>>> considerations section.
>     >>>>>>>
>     >>>>>>> Are there really no specific concerns about the
>     interaction between
>     >>>>>>> DetNet and MPLS?
>     >>>>>>>
>     >>>>>>>> Thank you,
>     >>>>>>>> Lou
>     >>>>>>>>
>     >>>>>>>>
>     >>>>>>>> ----------
>     >>>>>>>> On March 11, 2020 10:30:27 PM Watson Ladd
>     <watsonbladd@gmail.com <mailto:watsonbladd@gmail.com>> wrote:
>     >>>>>>>>
>     >>>>>>>>> I don't see any reason why RFC 3552's guidelines
>     shoudn't apply to this draft.
>     >>>>>>>>>
>     >>>>>>>>> If there is a MPLS exception I'd like to see the rules
>     that should be applied.
>     >>>>>>>>>
>     >>>>>>>>> As is I don't see any reason why the assumptions can't
>     be explicitly
>     >>>>>>>>> spelled out, either in the Security Considerations or
>     elsewhere.
>     >>>>>>>>>
>     >>>>>>>>> _______________________________________________
>     >>>>>>>>> detnet mailing list
>     >>>>>>>>> detnet@ietf.org <mailto:detnet@ietf.org>
>     >>>>>>>>> https://www.ietf.org/mailman/listinfo/detnet
>     >>>>>>>>>
>     >>>>>
>     >>>>>
>     >>>>
>     >>>> _______________________________________________
>     >>>> secdir mailing list
>     >>>> secdir@ietf.org <mailto:secdir@ietf.org>
>     >>>> https://www.ietf.org/mailman/listinfo/secdir
>     >>>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>     >>
>

v2.23.0 | Report a Bug | By Email