IETF Logo Mail Archive

Re: [trill] Kathleen Moriarty's Discuss on draft-ietf-trill-transport-over-mpls-07: (with DISCUSS)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sun, 18 March 2018 13:49 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6E6512711A; Sun, 18 Mar 2018 06:49:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i5fjVC24Z1W4; Sun, 18 Mar 2018 06:49:22 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF0BC12D7E4; Sun, 18 Mar 2018 06:49:21 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id h23so17666074iob.11; Sun, 18 Mar 2018 06:49:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=e1ul8yETnHuLyjgmaZJXL7h5pk8ARfJ00zOlBWImqzI=; b=tEhx4Jby92b902s8rHypKr07a7BehlD5G0NQixndDRuMoxK1aQgFrGVzfwpGYiM/Zz NAzpTPIGL47FaUq3vsP/rUU8Y3pXLDZl4j4FIQyXQcgCbylBwhyIZaKnKOMZnrItyOG5 57lDiwQoyxZSfBOf3XxcrFEpZMQPBDqqYydnXTO9pwx8DnDczQV8gY+e0RSZKMBpfgRW s7kQwop5WRa4z3b4ROwHwt0U9NsIsrth/646dVlG/V7rBm8444CC3J2MD2tC68IGo9IT unC2w7QKF8LlOhpsg3fSFXKVWDUk7Ac/yeKQp57MO9342tPVs/rbHG5x6o94tZDTNXwp 4QnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=e1ul8yETnHuLyjgmaZJXL7h5pk8ARfJ00zOlBWImqzI=; b=T8Nr2ff4N3U5EBerzEen9QpjQ72OWmW5t+KVkLjFNkW5pWEtx7LZGzIplyChlEpeYK XT2SMXcPuv2UgDg4deMP1pm1dyXuIsIkSYBip59hkCEIpPDrJulJFCmcwjhIMbqJk4BA BDZf5M4MPXIMvwjpgZcmvSOY2qDjaCnFycIMR2PD3+PHrgRhEWpJwjYP02zf/XOk+Lq3 2wmfrU9Wp8/PhWPEQfdS//dja6dgnzcgsZmDDkfAQqc92BmFO9BT4s7Rk7t8h7flGzyN EK6+W3TcQQATul4o+hdjeWf+MWs3M7a83xqrRkYXJB8YY65DGTOltXPsELDeUbjtD7Fk bB9g==
X-Gm-Message-State: AElRT7GAcI+af6BSTwrjCly+YcRbAo1r26J02JqHAUB/Hq3ei/0R7XgC zs8KdZsMW30NDAYM7Q+Klv8QuZdrE7/KVpyvNRU=
X-Google-Smtp-Source: AG47ELtVkN7Z3YHdmZtT/BH1UHn42aitPpgttDW3Mt9IyiI6XTUbZVt1nUJo1n0hwQTMYqnH9OP6l6AzbvYWxnSD9pM=
X-Received: by 10.107.18.162 with SMTP id 34mr8392625ios.168.1521380961204; Sun, 18 Mar 2018 06:49:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.192.156.137 with HTTP; Sun, 18 Mar 2018 06:48:40 -0700 (PDT)
In-Reply-To: <CAF4+nEHOa0mDs8WO1am682h+udX=opOo2LXuwb-LrHqRAvqWug@mail.gmail.com>
References: <152046007311.21264.6753387370948470401.idtracker@ietfa.amsl.com> <CAA=duU1oeLWddg=ewEvB=uG+kD45Hg4HvAVkLsHA1xhTRi2-VA@mail.gmail.com> <CAF4+nEGo7hYUBbh4FzaOtt2=ufnNKXA7ybARP7yp4H3_AaXTrw@mail.gmail.com> <CAHbuEH6Ces1aGJMb=_TGfAs8gLYpaPq6AoyeLwo-CumrrYCLZA@mail.gmail.com> <CAF4+nEHOa0mDs8WO1am682h+udX=opOo2LXuwb-LrHqRAvqWug@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sun, 18 Mar 2018 09:48:40 -0400
Message-ID: <CAHbuEH5=gjekgzAVrp57adG88jOqN=u+ezRLUpEJx1psRodboA@mail.gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-trill-transport-over-mpls@ietf.org, trill-chairs@ietf.org, Susan Hares <shares@ndzh.com>, trill IETF mailing list <trill@ietf.org>, "Andrew G. Malis" <agmalis@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/AIgbr2AsjaWAIltILMho4bNjkeg>
Subject: Re: [trill] Kathleen Moriarty's Discuss on draft-ietf-trill-transport-over-mpls-07: (with DISCUSS)
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Mar 2018 13:49:32 -0000

Hi Donald,

Thanks for your response, inline.

On Wed, Mar 14, 2018 at 4:52 PM, Donald Eastlake <d3e3e3@gmail.com> wrote:
> Hi Kathleen,
>
> On Wed, Mar 14, 2018 at 2:28 PM, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>> Hi Donald,
>>
>> Thanks for the proposed text.  Please see inline.
>>
>> On Mon, Mar 12, 2018 at 10:01 PM, Donald Eastlake <d3e3e3@gmail.com>
>> wrote:
>>> Hi Kathleen,
>>>
>>> Would the following replacement Security Considerations section for
>>> draft-ietf-trill-transport-over-mpls be adequate?
>>>
>>>
>>>    This document specifies methods using existing standards and
>>>    facilities in ways that do not create new security problems.
>>>
>>>    For general VPLS security considerations, including discussion of
>>>    isolating customers from each other, see [RFC4761] and [RFC4762].
>>>
>>>    For transport of TRILL by Pseudowires security consideration, see
>>>    [RFC7173]. In particular, since pseudowires are support by MPLS or IP
>>>    which are in turn supported by a link layer, that document recommends
>>>    using IP security or the lower link layer security.
>>>
>>>    For added security against the compromise of data end-to-end
>>>    encryption and authentication should be considered; that is,
>>>    encryption and authentication from source end station to destination
>>>    end station.
>>
>> Would this be accomplished through IPsec?
>
> For end-to-end security, it could be. Or DTLS. Whatever is convenient for
> the information you want to protect. Since end stations are connected to
> edge TRILL switches via Ethernet, if you wanted to protect all of the data
> between two end stations, you could use IEEE Std 802.1AE. Do you want a list
> added?

Yes, I think that would be helpful.  Thank you.
>
>> If encryption and authentication are not employed, what are the risks
>> to tenant isolation since this draft joins TRILL campuses?
>
> I wouldn't say that the draft "joins TRILL campuses". If a TRILL campus is
> actually structured so that the connectivity being provided is connecting
> two islands, then you could say it is making those TRILL switches parts of
> the same campus. The term "campus" in TRILL is not intended to have any
> geographic (or academic) implication but rather, to be for TRILL switches
> the same as the term "bridged LAN" is for IEEE 802.1 bridges.
>
> Whenever a link extends outside local physical control, there is increased
> risk. Assuming a link between two TRILL switch ports in a TRILL campus is
> Ethernet, it could be anything from a little copper on a backplane inside a
> cabinet to Ethernet connectivity purchased from a carrier and extending
> hundreds of miles.
>
> If you are talking about the risk of a TRILL campus merging with a malicious
> TRILL switch, that can be avoided by IS-IS PDU authentication. Until
> adjacency is establish (RFC 7177), which requires successful exchange of
> IS-IS Hellos PDUs, no data will flow.
>
>> I think
>> there should be text that explains this risk in addition to the text
>> already proposed.
>
> How about adding text like the following:
>
>
> Transmission outside the customer environment through the provider
> environment, as described in this document, increases risk of compromise or
> injection of false data through failure of tenant isolation or by the
> provider. In the VPLS model (Section 3), the use of link encryption and
> authentication between the CEs of a tenant that is being connected through
> provider facilities should be a good defense. In the VPTS model (Section 4),
> it is assumed that the CEs will peer with virtual TRILL switches of the
> provider network and thus link security between TRILL switch ports is
> inadequate as it will terminate at the edge PE. Thus, end station to end
> station encryption and authentication is more appropriate for the VPTS
> model.


That's helpful, thanks for the proposed text.

Best regards,
Kathleen

>
>
> Thanks,
> Donald
> ===============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  d3e3e3@gmail.com
>
>> Thanks,
>> Kathleen
>>
>>>
>>>    For general TRILL security considerations, see [RFC6325].
>>>
>>>
>>> Thanks,
>>> Donald
>>> ===============================
>>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>>  155 Beaver Street, Milford, MA 01757 USA
>>>  d3e3e3@gmail.com
>>>
>>> On Wed, Mar 7, 2018 at 5:35 PM, Andrew G. Malis <agmalis@gmail.com>
>>> wrote:
>>>>
>>>> Kathleen,
>>>>
>>>> I don’t want to speak for the authors. However, I did contribute to this
>>>> draft (although not this specific section). So that said, here’s my two
>>>> cents ….
>>>>
>>>> I agree that first sentence could have been worded better, but the
>>>> bottom
>>>> line is that depending on the model used, the security considerations
>>>> for
>>>> RFC 7173, 4761, or 4762 applies, including the discussions in those RFCs
>>>> on
>>>> issues such as isolation and end-to-end security. Those RFCs are
>>>> referenced
>>>> in the security section. So the substance is already there, perhaps the
>>>> draft just needs better pointers to it.
>>>>
>>>> Cheers,
>>>> Andy
>>>>
>>>>
>>>> On Wed, Mar 7, 2018 at 5:01 PM, Kathleen Moriarty
>>>> <Kathleen.Moriarty.ietf@gmail.com> wrote:
>>>>>
>>>>> Kathleen Moriarty has entered the following ballot position for
>>>>> draft-ietf-trill-transport-over-mpls-07: Discuss
>>>>>
>>>>> When responding, please keep the subject line intact and reply to all
>>>>> email addresses included in the To and CC lines. (Feel free to cut this
>>>>> introductory paragraph, however.)
>>>>>
>>>>>
>>>>> Please refer to
>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>>>
>>>>>
>>>>> The document, along with other ballot positions, can be found here:
>>>>> https://datatracker.ietf.org/doc/draft-ietf-trill-transport-over-mpls/
>>>>>
>>>>>
>>>>>
>>>>> ----------------------------------------------------------------------
>>>>> DISCUSS:
>>>>> ----------------------------------------------------------------------
>>>>>
>>>>> I was very surprised to see the following in the security
>>>>> considerations
>>>>> section and would like to work with you on improvements.
>>>>>    As an informational document specifying methods that use only
>>>>>    existing standards and facilities, this document has no effect on
>>>>>    security.
>>>>>
>>>>> Having watched many TRILL documents go by in the last 4 years, we
>>>>> didn't
>>>>> push
>>>>> too hard on security in some cases as a result of the restriction to a
>>>>> campus
>>>>> network.  This particular document extends into multi-tenancy where
>>>>> there
>>>>> are
>>>>> certainly security considerations introduced to be able to provide
>>>>> isolation
>>>>> properties.  MPLS offers no security and it is being used to join TRILL
>>>>> campuses as described int his draft.  This is done without any
>>>>> requirement of
>>>>> an overlay protocol to provide security - why is that the case?
>>>>> Minimally, the
>>>>> considerations need to be explained.  Ideally, a solution should be
>>>>> offered to
>>>>> protect tenants when TRILL campuses are joined.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> trill mailing list
>>>>> trill@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/trill
>>>>
>>>>
>>>
>>
>>
>>
>> --
>>
>> Best regards,
>> Kathleen



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email