Re: [Teas] Roman Danyliw's No Objection on draft-ietf-teas-rfc3272bis-26: (with COMMENT)
Adrian Farrel <adrian@olddog.co.uk> Sat, 05 August 2023 15:43 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFB54C151709; Sat, 5 Aug 2023 08:43:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=olddog.co.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YENiaPHlP_CH; Sat, 5 Aug 2023 08:43:35 -0700 (PDT)
Received: from mta6.iomartmail.com (mta6.iomartmail.com [62.128.193.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F2E8C151701; Sat, 5 Aug 2023 08:43:32 -0700 (PDT)
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta6.iomartmail.com (8.14.7/8.14.7) with ESMTP id 375FhOnN031081; Sat, 5 Aug 2023 16:43:24 +0100
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 213F94604B; Sat, 5 Aug 2023 16:43:24 +0100 (BST)
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 143A74603D; Sat, 5 Aug 2023 16:43:24 +0100 (BST)
Received: from asmtp1.iomartmail.com (unknown [10.12.10.248]) by vs1.iomartmail.com (Postfix) with ESMTPS; Sat, 5 Aug 2023 16:43:24 +0100 (BST)
Received: from LAPTOPK7AS653V (82-69-109-75.dsl.in-addr.zen.co.uk [82.69.109.75]) (authenticated bits=0) by asmtp1.iomartmail.com (8.14.7/8.14.7) with ESMTP id 375FhNFY025252 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 5 Aug 2023 16:43:23 +0100
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Roman Danyliw' <rdd@cert.org>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-teas-rfc3272bis@ietf.org, teas-chairs@ietf.org, teas@ietf.org, vishnupavan@gmail.com
References: <169117478716.3141.3054966488138918502@ietfa.amsl.com>
In-Reply-To: <169117478716.3141.3054966488138918502@ietfa.amsl.com>
Date: Sat, 05 Aug 2023 16:43:23 +0100
Organization: Old Dog Consulting
Message-ID: <089001d9c7b3$9166ff20$b434fd60$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-gb
Thread-Index: AQHEnnsyJXTKvaHp7UWwRzxg3ManUbAGGodQ
X-Originating-IP: 82.69.109.75
X-Thinkmail-Auth: adrian@olddog.co.uk
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=olddog.co.uk; h=reply-to :from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding; s= 20221128; bh=DR3+xTl7nAiJr7XYH18hvwzR/C3NLrrjETYsFcrhpyg=; b=xYt fDxu2uObzWm1z/aDfXNXPN3NmU89wIoAE+Hudh9i28SYFo3q54abqMIRDrbF9jsF WeNir2FQp2TwzRFMrbcWRGx46XVNq7ln+s5XNIPz7/9SP2WvNqNIvEomP4verGnW cug0nljxTt35rHn2EQz3krR8twB4o8HkR1wXzi/rQM6geBWpvEHLjmF6c9G5W+M/ aEL24O+Mgb6RF1X5O5PSGav7e56N/LMrPOiUgJpSf/XB1D5u2ng9VTNRKYNA1n8w b8OD56qp0JtCAgyvuhlkSphZIScQXQ8Es0NVOdG9SDOAChMwUKOyI+bL2Ds8j39d 42s5zDlPfh71VI6+oHg==
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.1.0.2090-9.0.0.1002-27796.000
X-TM-AS-Result: No--30.484-10.0-31-10
X-imss-scan-details: No--30.484-10.0-31-10
X-TMASE-Version: IMSVA-9.1.0.2090-9.0.1002-27796.000
X-TMASE-Result: 10--30.483500-10.000000
X-TMASE-MatchedRID: nI1cAR4k0HbxIbpQ8BhdbI61Z+HJnvsOld00Q5SO0q6qvcIF1TcLYIm1 wlKhvEmZuUxcEq68iwO5eMkBKO2wFSgIRu43KG4Gp03gL9TF2vl2ZYwNBqM6Il33rgHQQnWVLTG DCL0S9R6QnGA/f/I27cvQ7sDW3erhU157OKMuiZaeuwQMMC+SOoReuqEmBUhJoxXCk5AyPYz1Ul Qu7mFfBAx/sJ74sgV2q9DSzQkDfmriATtmJziXs2nmCQLJ/HnwyptxwteXfPuOLE91R5kpxA/gN 7zduuYXgLSfrGCOKzmX5elY1kHwDxSHrTqtvqVQR+GtoiXVeDGc0xEjtkduy1AoBBK61Bhc6vgG XH58YsP96ufhWIk5JYPbw023vELI2BIRRxPqiXrhPQQVFw3HFE0s9CXRACW0EoljK8aaOikX/+k csAMxxoNUSWY8zjzyq3OhtGV1CzyyMnt33Q/3Dob9ftid8kBcCCdq6k3LmHYDAeCCKceBbFfLlZ GunaSj/C9BavBEoUamY6ufFcodCbr7DKkNIEHAgxTiQe5eX8w+wYb6RCy8qGLzzjLJ8mLxWkMak m93hVgYEieWg2RDan41niV9Kymzv1l2Uvx6idpGONWF/6P/CotkBWmEtb9tKrauXd3MZDUD/dHy T/Xh7Q==
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/RCXYTmt_w_fhm8xPy2S51Si3GRc>
Subject: Re: [Teas] Roman Danyliw's No Objection on draft-ietf-teas-rfc3272bis-26: (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2023 15:43:40 -0000
Hi Roman,
Thanks for these comments.
> ** Section 6.6. With the context that I don’t have a clear sense of what was
> chosen to be included in this document on traffic engineering, it seemed liked
> a few common traffic engineering design patterns related to survivability were
> not included.
I think "survivability" may have a different meaning for the two of us?
Not surviving attacks, but surviving network outages. Hence, 6.6 starts...
Network survivability refers to the capability of a network to
maintain service continuity in the presence of faults.
But...
> I could also see discussion of these in the Security
> Considerations:
After a double-take, I see you mean you could see benefit in including these topics in the Security Considerations section :-)
So...
> -- traffic filtering/scrubbing of any/every kind at the edge to prevent attacks
> from entering the network or leaving (a very primitive form of traffic
> engineering)
A valuable tool. Does it fit into our definition of TE?
Internet traffic engineering is defined as that aspect of Internet
network engineering dealing with the issues of performance evaluation
and performance optimization of operational IP networks.
Weeeeell, a network may be optimized by preventing attacks, but I don't think that is the main thrust of what we're talking about.
> -- choosing optional security features in control plane protocols such as
> authentication to harden the control plane
Sure. We already have:
Thus, it is important to use adequate protection mechanisms on all
protocols used to deliver TE.
We can add "such as authentication" if that helps.
> -- relying on external packet scrubbing services to mitigate DDoS attacks
Is this TE in any way?
It occurs to me that one could say that TE can be used to steer traffic through nodes capable of performing security functions (such as scrubbing and pattern matching), but I think this is SFC (which is certainly path steering, but not really TE). I'm ambivalent about including this, but the second paragraph (you quoted below) already talks about steering onto more secure links, so I can add it there.
> ** Section 9
> In general, TE
> mechanisms are security-neutral: they may use tunnels which can
> slightly help protect traffic from inspection and which, in some
> cases, can be secured using encryption; they put traffic onto
> predictable paths within the network that may make it easier to find
> and attack; they increase the complexity or operation and management
> of the network; and they enable traffic to be steered onto more
> secure links or to more secure parts of the network.
>
> Saying that TE mechanisms are security neutral” seems incongruent to the rest
> of the text. For example, noting that a path “can be secured using encryption”
> doesn’t seem neutral at all and changes the security properties of the traffic
> carries. Poorly configured traffic engineering seems like it could have
> disastrous consequences on security or “survivability” as discussed in Section
> 6.
As previously noted, "survivability" is not "security" in this document.
What you say, however, is true: running encryption on a path is a good thing; screwing up configuration is a bad thing. Those are things you can do in a TE system. But TE, itself, remains security-neutral. And this is an NRA marketing spin [1], it's just an observation.
Perhaps it is the language usage that is unclear. The paragraph can be split so the neutrality is one thing, and the list of things that can happen / be done with TE is a separate thing. This gives me...
OLD
This document does not introduce new security issues.
Network security is, of course, an important issue. In general, TE
mechanisms are security-neutral: they may use tunnels which can
slightly help protect traffic from inspection and which, in some
cases, can be secured using encryption; they put traffic onto
predictable paths within the network that may make it easier to find
and attack; they increase the complexity or operation and management
of the network; and they enable traffic to be steered onto more
secure links or to more secure parts of the network.
NEW
In general, TE mechanisms are security-neutral, and this document
does not introduce new security issues.
Network security is, of course, an important issue, and TE mechanisms
can have benefits and drawbacks.
o TE may use tunnels which can slightly help protect traffic from
inspection and which, in some cases, can be secured using encryption.
o TE puts traffic onto predictable paths within the network that may
make it easier to find and attack.
o TE often increases the complexity of operation and management of
the network which may lead to errors that compromise security.
o TE enables traffic to be steered onto more secure links or to more
secure parts of the network.
o TE can be used to steer traffic through network nodes that are able
to provide additional security functions.
END
Cheers,
Adrian
[1] https://en.wikipedia.org/wiki/Guns_don't_kill_people%2C_people_kill_people
- [Teas] Roman Danyliw's No Objection on draft-ietf… Roman Danyliw via Datatracker
- Re: [Teas] Roman Danyliw's No Objection on draft-… Adrian Farrel