Re: [Softwires] Alissa Cooper's Discuss on draft-ietf-softwire-yang-14: (with DISCUSS and COMMENT)
<mohamed.boucadair@orange.com> Fri, 11 January 2019 08:05 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D57FF128D09; Fri, 11 Jan 2019 00:05:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P4fkG3XwxP3l; Fri, 11 Jan 2019 00:05:23 -0800 (PST)
Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BC0612872C; Fri, 11 Jan 2019 00:05:23 -0800 (PST)
Received: from opfednr00.francetelecom.fr (unknown [xx.xx.xx.64]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 43bb5F4rn2z11Bq; Fri, 11 Jan 2019 09:05:21 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.60]) by opfednr00.francetelecom.fr (ESMTP service) with ESMTP id 43bb5F39W6zDq7k; Fri, 11 Jan 2019 09:05:21 +0100 (CET)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM7F.corporate.adroot.infra.ftgroup ([fe80::c1d7:e278:e357:11ad%19]) with mapi id 14.03.0415.000; Fri, 11 Jan 2019 09:05:21 +0100
From: mohamed.boucadair@orange.com
To: Alissa Cooper <alissa@cooperw.in>
CC: "draft-ietf-softwire-yang@ietf.org" <draft-ietf-softwire-yang@ietf.org>, Sheng Jiang <jiangsheng@huawei.com>, "softwire-chairs@ietf.org" <softwire-chairs@ietf.org>, "jiangsheng@huawei.com" <jiangsheng@huawei.com>, "softwires@ietf.org" <softwires@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: Alissa Cooper's Discuss on draft-ietf-softwire-yang-14: (with DISCUSS and COMMENT)
Thread-Index: AQHUp531nyQbZoe6gEijOUpzA5LYPKWptaPg
Date: Fri, 11 Jan 2019 08:05:20 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302E0648A6@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <154698499284.25490.17076347273662505510.idtracker@ietfa.amsl.com>
In-Reply-To: <154698499284.25490.17076347273662505510.idtracker@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.2]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/fdJ51VKQkSm8zXeZNvGhvUhobkY>
Subject: Re: [Softwires] Alissa Cooper's Discuss on draft-ietf-softwire-yang-14: (with DISCUSS and COMMENT)
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jan 2019 08:05:26 -0000
Hi Alissa, Please see inline. Cheers, Med > -----Message d'origine----- > De : Alissa Cooper [mailto:alissa@cooperw.in] > Envoyé : mardi 8 janvier 2019 23:03 > À : The IESG > Cc : draft-ietf-softwire-yang@ietf.org; Sheng Jiang; softwire- > chairs@ietf.org; jiangsheng@huawei.com; softwires@ietf.org > Objet : Alissa Cooper's Discuss on draft-ietf-softwire-yang-14: (with DISCUSS > and COMMENT) > > Alissa Cooper has entered the following ballot position for > draft-ietf-softwire-yang-14: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-softwire-yang/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > The security considerations do not seem to follow the YANG security > guidelines > <https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines>. They do not > list the specific writeable and readable subtrees/nodes and why they are > sensitive. The fact that all the writeable nodes could "negatively affect > network operations" seems trivially true for most writeable YANG module > nodes. > In the case of these modules, there seem to be multiple different threats > relevant to different nodes, including exposure of data about individual > users/customers, potential for disruption of the operations of the BR or CE, > etc. > [Med] This is fair. We can elaborate as follows: All data nodes defined in the YANG modules which can be created, modified, and deleted (i.e., config true, which is the default) are considered sensitive. Write operations (e.g., edit-config) applied to these data nodes without proper protection can negatively affect network operations. An attacker who is able to access the BR can undertake various attacks, such as: o Setting the value of 'br-ipv6-addr' on the CE to point to an illegitimate BR so that it can intercept all the traffic sent by a CE. Illegitimately intercepting users' traffic is an attack with severe implications on privacy. o Setting the MTU to a low value, which may increase the number of fragments ('softwire-payload-mtu'). o Disabling hairpinning (i.e., setting 'enable-hairpinning' to 'false') to prevent communications between CEs. o Setting 'softwire-num-max' to an arbitrary high value, which may be exploited by a misbehaving user to perform a DoS on the binding BR by mounting a massive number of softwires. o Setting 'icmpv4-rate' or 'icmpv6-rate' to a low value, which may lead to the deactivation of ICMP messages handling. o Accessing to privacy data maintained by the BR (e.g., the binding table or the algorithm configuration). Such data can be misused to track the activity of a host. o Instructing the BR to install entries which in turn will induce a DDoS attack by means of the notifications generated by the BR. This DDoS can be softened by defining a notification interval, but given that this interval parameter can be disabled or set to a low value by the misbehaving entity, the same problem will be observed. > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I think "external party" would make more sense than "abuse party." > [Med] This information is not revealed to every "external" party but only under some regulatory restrictions when an abuse is reported (check Section 13.1 of RFC6269). I changed the text to "a party victim of an abuse". Hope this is better.
- [Softwires] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [Softwires] Alissa Cooper's Discuss on draft-… mohamed.boucadair