IETF Logo Mail Archive

Re: [Tsv-art] [manet] Tsvart early review of draft-ietf-manet-dlep-credit-flow-control-09

Henning Rogge <hrogge@gmail.com> Thu, 02 December 2021 06:39 UTC

Return-Path: <hrogge@gmail.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DCE33A0B4C; Wed, 1 Dec 2021 22:39:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oJy9XXy6LzFr; Wed, 1 Dec 2021 22:39:30 -0800 (PST)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E261D3A0B45; Wed, 1 Dec 2021 22:39:29 -0800 (PST)
Received: by mail-lj1-x22c.google.com with SMTP id 13so52781581ljj.11; Wed, 01 Dec 2021 22:39:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=iaylJZapBZhJEyy+gw7uyWFAu27JE+xGH5MCAoSB6/U=; b=aEws5oSMdTSwp1ttjSKB8y/9kmBePYyQ1n/Sd1R6x+e26sWA+ku/P9rjNAoB++6+yI QPQ/fF42c8iuzUN/1sWKOngGgUcrJ3R9uzOCCsmaPWngRIafzrXuUq3KAu+KseYSaGCq +14sudpbW027iaSJGqUaaO1chbGClYbaZshUunG9MybSqtX1rcpzodD+SQcDKIlbgh4D dYFZodRCbmydnAl7VnUHi7gUFnuqnh+5HiwLdSpC6UhuP8RRq1wfh7JdWWhtZeqXwKIC xSjRK0liq76NPaKEt1jPHWmMviibA78QFhw5byObQBKj+HYQmFjd8AzCNwR5JpBcy4U1 svCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=iaylJZapBZhJEyy+gw7uyWFAu27JE+xGH5MCAoSB6/U=; b=Fd9gwRMVFMop/ABQ4ySwnss7TEcrY9jsIlPvxuINA529qg7TlbBSk0gs94u98EEVUw eEzQc3ZveZH1H4POF0g3mXEOjPyAoAn35HBqX66gPwtQd7B9UwynW1xPkQzj+B3S2pAA fbzi1jUom4aorSMQUiEuY6H2W+pL8gkybCSgzq/Lzoj3odPgOjHu7mh8fD1Ud1tlbGdE 2FvWadhbsfMzJUETx+MSp5SSUgvSBu8KQ1rKfT8ue5xf/7WUcsdtbhGW6BfNA0r3Vtch HctwuTXkcE5pdun6MbWw2jaG/e8Lj75/XBPmHvrCTlZjQgcu5HJIV2v3JYM/OlbPeVel 0/kA==
X-Gm-Message-State: AOAM530A2ApY12Yc2KjRU33T6DPlRsJbfflpFL+cWY2GKsFD9MGKFZ/y 8A+1ZjxzAUb9pVJWbJB8sq7bBIBTSuGjHnN72hc=
X-Google-Smtp-Source: ABdhPJx6tND15EC8EPiVySwscmy/ro8RBAifFsGktiUiUkkBwohHe2yHX9jWHK7gX4UdngMGY5CPE7AMFpIuYCidyR0=
X-Received: by 2002:a2e:a58d:: with SMTP id m13mr10405605ljp.281.1638427162896; Wed, 01 Dec 2021 22:39:22 -0800 (PST)
MIME-Version: 1.0
References: <163734132077.29324.1689596626565034298@ietfa.amsl.com> <CAGnRvurUJhLY30kB_TaF6pwb8bkg=EjXQpjqhUC3FoDmWoGqkQ@mail.gmail.com> <MN2PR19MB4045AB8150BD7F7911DB9C6483699@MN2PR19MB4045.namprd19.prod.outlook.com>
In-Reply-To: <MN2PR19MB4045AB8150BD7F7911DB9C6483699@MN2PR19MB4045.namprd19.prod.outlook.com>
From: Henning Rogge <hrogge@gmail.com>
Date: Thu, 02 Dec 2021 07:38:57 +0100
Message-ID: <CAGnRvuqhqp_GVdJNKa9k8T7sf7qjSPFoD021Y3mfDDA37TLdJw@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, "draft-ietf-manet-dlep-credit-flow-control.all@ietf.org" <draft-ietf-manet-dlep-credit-flow-control.all@ietf.org>, MANET IETF <manet@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/M1LkWuv5h48GOu_xNwXkCDldkvk>
Subject: Re: [Tsv-art] [manet] Tsvart early review of draft-ietf-manet-dlep-credit-flow-control-09
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2021 06:39:36 -0000

On Thu, Dec 2, 2021 at 4:55 AM Black, David <David.Black@dell.com> wrote:
>
> Henning,
>
> > I disagree with the security concerns...
>
> To be more precise, I think the disagreement is not with the concerns, but is rather with how to address them, as your note suggests countermeasures.
>
> These drafts create a resource (credits) which can be attacked (e.g., via message injection) where successful attacks can cause harm (e.g., reduction or denial of service).  That is a security concern that needs to be addressed.

We already have these kinds of problems (exhaustion of resources) for
Attached Subnets and Announced Destinations.

But in all of these cases the attack is only possible if you CAN
inject messages.

> Your discussion of what to do to prevent these attacks, e.g., " if the physical link between router and radio is not secure (e.g. a single ethernet cable), the DLEP connection should be secured," would be fine Security Considerations text to add in order to address this concern.  In contrast, the current Security Considerations text asserts the non-existence and impossibility of these attacks (even in the absence of countermeasures such as securing the DLEP connection) - that is not correct, so that text needs attention.

I think we already have a discussion about this in RFC 8175 Section
7.1 and 14. In fact this WG had a lengthy discussion among each other
and the Security Area Director about security.

I would like to know what kind of attacker you imagine that has not either
a) full control about the router end of DLEP
or
b) exploits a DLEP connection that is not following the security
advice of RFC 8175 (either using TLS or securing the layer 2 link).

The RFC 8175 already strongly recommends the use of TLS for DLEP,
unless the installation can guarantee a secure link (e.g. a direct
ethernet cable without a switch).

In my opinion discussions about how to secure the DLEP link doesn't
belong in a specific extension document, but maybe an informal "DLEP
security best practice" one. This could discuss the pros and cons
about "direct link", TLS, 802.1x, MACSEC or VPN to connect DLEP radio
and router. All these things are common to all applications of DLEP.

Henning Rogge

v2.23.0 | Report a Bug | By Email