Re: [Tsv-art] [manet] Tsvart early review of draft-ietf-manet-dlep-credit-flow-control-09

"Black, David" <David.Black@dell.com> Thu, 02 December 2021 16:43 UTC

From: "Black, David" <David.Black@dell.com>
To: Henning Rogge <hrogge@gmail.com>
CC: "tsv-art@ietf.org" <tsv-art@ietf.org>, "draft-ietf-manet-dlep-credit-flow-control.all@ietf.org" <draft-ietf-manet-dlep-credit-flow-control.all@ietf.org>, MANET IETF <manet@ietf.org>, "Black, David" <David.Black@dell.com>
Date: Thu, 02 Dec 2021 16:43:25 +0000
Message-ID: <MN2PR19MB40457328C2FDF60EE5A6A0DE83699@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <163734132077.29324.1689596626565034298@ietfa.amsl.com> <CAGnRvurUJhLY30kB_TaF6pwb8bkg=EjXQpjqhUC3FoDmWoGqkQ@mail.gmail.com> <MN2PR19MB4045AB8150BD7F7911DB9C6483699@MN2PR19MB4045.namprd19.prod.outlook.com> <CAGnRvuqhqp_GVdJNKa9k8T7sf7qjSPFoD021Y3mfDDA37TLdJw@mail.gmail.com>
In-Reply-To: <CAGnRvuqhqp_GVdJNKa9k8T7sf7qjSPFoD021Y3mfDDA37TLdJw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/MyTLKR0IXpeTkS2QOgNhlGRzCqo>

> I think we already have a discussion about this in RFC 8175 Section
> 7.1 and 14. In fact this WG had a lengthy discussion among each other
> and the Security Area Director about security.

That's fine - adding Security Considerations text that refers to those techniques and indicates that they suffice to protect the credit resource ought to suffice.  I'm not looking for new functionality - I'm objecting to wording that ignores the security implications of credits.

> I would like to know what kind of attacker you imagine

This is not about a new kind of attacker - it's about text in the draft that asserts that credits cannot possibly be attacked, even if nothing is done about securing DLEP:

   These mechanisms do not inherently introduce any additional
   vulnerabilities above those documented in [RFC8175].

That sentence is incorrect because I've already described a vulnerability introduced by credits, but RFC 8175 does not discuss credits, and hence RFC 8175 has not "documented" that vulnerability.

Rewriting that sentence and related text to indicate that the security functionality and considerations in RFC 8175 apply to the new mechanisms is likely to suffice.  

Thanks, --David

-----Original Message-----
From: Henning Rogge <hrogge@gmail.com> 
Sent: Thursday, December 2, 2021 1:39 AM
To: Black, David
Cc: tsv-art@ietf.org; draft-ietf-manet-dlep-credit-flow-control.all@ietf.org; MANET IETF
Subject: Re: [manet] Tsvart early review of draft-ietf-manet-dlep-credit-flow-control-09


[EXTERNAL EMAIL] 

On Thu, Dec 2, 2021 at 4:55 AM Black, David <David.Black@dell.com> wrote:
>
> Henning,
>
> > I disagree with the security concerns...
>
> To be more precise, I think the disagreement is not with the concerns, but is rather with how to address them, as your note suggests countermeasures.
>
> These drafts create a resource (credits) which can be attacked (e.g., via message injection) where successful attacks can cause harm (e.g., reduction or denial of service).  That is a security concern that needs to be addressed.

We already have these kinds of problems (exhaustion of resources) for
Attached Subnets and Announced Destinations.

But in all of these cases the attack is only possible if you CAN
inject messages.

> Your discussion of what to do to prevent these attacks, e.g., " if the physical link between router and radio is not secure (e.g. a single ethernet cable), the DLEP connection should be secured," would be fine Security Considerations text to add in order to address this concern.  In contrast, the current Security Considerations text asserts the non-existence and impossibility of these attacks (even in the absence of countermeasures such as securing the DLEP connection) - that is not correct, so that text needs attention.

I think we already have a discussion about this in RFC 8175 Section
7.1 and 14. In fact this WG had a lengthy discussion among each other
and the Security Area Director about security.

I would like to know what kind of attacker you imagine that does not either
a) have full control over the router end of DLEP
or
b) exploit a DLEP connection that is not following the security
advice of RFC 8175 (either using TLS or securing the layer 2 link).

RFC 8175 already strongly recommends the use of TLS for DLEP,
unless the installation can guarantee a secure link (e.g. a direct
ethernet cable without a switch).

In my opinion, discussions about how to secure the DLEP link don't
belong in a specific extension document, but maybe in an informal "DLEP
security best practice" one. This could discuss the pros and cons
of "direct link", TLS, 802.1x, MACSEC or VPN to connect DLEP radio
and router. All these things are common to all applications of DLEP.

Henning Rogge