Re: [tsvwg] TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee-802-11 - David Black's comments
"Black, David" <David.Black@dell.com> Wed, 23 August 2017 14:01 UTC
Return-Path: <David.Black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA7C1132C26 for <tsvwg@ietfa.amsl.com>; Wed, 23 Aug 2017 07:01:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=YCL3BXzH; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=Wcwk57KL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gARCsewT-zcq for <tsvwg@ietfa.amsl.com>; Wed, 23 Aug 2017 07:01:57 -0700 (PDT)
Received: from esa4.dell-outbound.iphmx.com (esa4.dell-outbound.iphmx.com [68.232.149.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00011132C25 for <tsvwg@ietf.org>; Wed, 23 Aug 2017 07:01:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1503496916; x=1535032916; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=SJ2Cjaac19oNyb/zMRO2Kdc8WeLV9S0hQbG7Wjshluc=; b=YCL3BXzHti5q+PMUzILW1+f6u9sb+dZulpVp5mzZmDIQsWtPnXK1vPDA APQf7G6kk1+/U2g6oQe8Ol7qYU9Vfx5CtwJL5g+Co9EjwhMvYcls2wMFp u+YxsIs9SQ3LbGV4RXRXCtj8uNtmOfYIyUGmjgWbW9eF5TgQyiYg6J2+T c=;
Received: from esa3.dell-outbound2.iphmx.com ([68.232.154.63]) by esa4.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Aug 2017 09:01:56 -0500
From: "Black, David" <David.Black@dell.com>
Cc: "Jerome Henry (jerhenry)" <jerhenry@cisco.com>, Fred Baker <fredbakersba@gmail.com>, "Black, David" <David.Black@dell.com>
Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa3.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Aug 2017 19:52:06 +0600
Received: from maildlpprd51.lss.emc.com (maildlpprd51.lss.emc.com [10.106.48.155]) by mailuogwprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v7NE1n28016060 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 23 Aug 2017 10:01:53 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com v7NE1n28016060
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1503496914; bh=mIefFO9QoiUlliV6YM0gxNcq6Qs=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=Wcwk57KLr7iohj2Ei+gpyR5iCjsLODCF+V+KnaFKZx6vHPTzgZ5MKeYWQLThi7tyh WDIgAEoTV35GRQ0aNmA9eumz/elv2AKOcA4FUZyZobrNMd33LaxI88jKagFCCxHvVY /0LtWid5AkbW0rntVav7hZ+mkIOWfb9q4l0m9530=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com v7NE1n28016060
Received: from mailusrhubprd54.lss.emc.com (mailusrhubprd54.lss.emc.com [10.106.48.19]) by maildlpprd51.lss.emc.com (RSA Interceptor); Wed, 23 Aug 2017 10:01:01 -0400
Received: from MXHUB310.corp.emc.com (MXHUB310.corp.emc.com [10.146.3.36]) by mailusrhubprd54.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v7NE1Pm4007659 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Wed, 23 Aug 2017 10:01:25 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB310.corp.emc.com ([10.146.3.36]) with mapi id 14.03.0352.000; Wed, 23 Aug 2017 10:01:24 -0400
To: "Tim Szigeti (szigeti)" <szigeti@cisco.com>, G Fairhurst <gorry@erg.abdn.ac.uk>, tsvwg WG <tsvwg@ietf.org>
Thread-Topic: TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee-802-11 - David Black's comments
Thread-Index: AdL9iKwSAOxDD+ndQlSPMOl+i2FRxAJn8UbwAi2HR9ABt1YHQAE2cG+w
Date: Wed, 23 Aug 2017 14:01:24 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362FC1680E@MX307CL04.corp.emc.com>
References: <CE03DB3D7B45C245BCA0D243277949362FB757AF@MX307CL04.corp.emc.com> <9603e1facabb48ec865439a997392120@XCH-RCD-010.cisco.com> <CE03DB3D7B45C245BCA0D243277949362FBC358D@MX307CL04.corp.emc.com> <9907583a83dd46ffa05409471a256e5e@XCH-RCD-010.cisco.com>
In-Reply-To: <9907583a83dd46ffa05409471a256e5e@XCH-RCD-010.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.105.8.135]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd54.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/7ed5SEUuSVFrVQXkh8Lk-mNZA0E>
Subject: Re: [tsvwg] TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee-802-11 - David Black's comments
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2017 14:02:00 -0000
Tim and authors, This does suffice, as indicated by the change in WG draft state to WG Consensus: Waiting for Write-Up that I just made. The next step is for me to produce a shepherd write-up for this draft, which should happen next week, as I'm traveling this week. Thanks, --David > -----Original Message----- > From: Tim Szigeti (szigeti) [mailto:szigeti@cisco.com] > Sent: Wednesday, August 16, 2017 2:17 PM > To: Black, David <david.black@emc.com>; G Fairhurst > <gorry@erg.abdn.ac.uk>; tsvwg WG <tsvwg@ietf.org> > Cc: Jerome Henry (jerhenry) <jerhenry@cisco.com>; Fred Baker > <fredbakersba@gmail.com> > Subject: RE: TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee- > 802-11 - David Black's comments > > Thank you David for catching even these subtle points. > > I've made the changes exactly as you've recommended below and have > uploaded a new draft. > > Please confirm if this allows us to proceed to the next step. > > TIA. > > -tim > > > -----Original Message----- > > From: Black, David [mailto:David.Black@dell.com] > > Sent: Monday, August 07, 2017 6:24 PM > > To: Tim Szigeti (szigeti); G Fairhurst; tsvwg WG > > Cc: Jerome Henry (jerhenry); Fred Baker > > Subject: RE: TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg- > > ieee-802-11 - David Black's comments > > > > Hi Tim, > > > > Many thanks for your continued efforts on this draft, and sorry for the > > delayed response. The changes generally look good - there were two areas > > where I wanted to re-check the revised text: > > > > A) On Section 5.3, I wrote: > > > > > > I don't understand what a "trust function" is, so this looks like a > > > > circular statement. Once "trust function" is clarified, change > > > > "RECOMMENDED to trust DSCP" to "RECOMMENDED to pass through > > DSCP" > > > > ... but the details of this clarification are crucial as this text > > > > is a potentially serious security hole > as currently written. > > > > The revised text removes the use of the term "trust function" and is much > > clearer as a result. > > > > B) > > > > > > Finally, Gorry noted: > > > > > > > > (4) I suspect the security section may benefit from a better definition > > > > of the case where the 802.11 network forms the edge of a DS domain. I > > > > suspect other people will suggest text on this. > > > > > > > > I suspect that some of the changes suggested in this review towards > > > > less use of the word "trust" will help with this concern, so I suggest that > > Gorry and I > > > > both take a look at the resulting text to see whether it suffices. That > > said, it > > > > would help to add a reference from the security considerations text > > > > on CS6 and CS7 back to section 5.4, which discusses this "edge of a DS > > domain" case. > > > > > > > > Beyond removal of most uses of the word "trust," the security > > considerations text on CS6 and CS7 was expanded, which obviates the need > > for a backpointer, however .... this text in Section 5.4 is now subtly > > inconsistent with at least the security considerations text: > > > > When business requirements and/or technical constraints and/or > > administrative policies require QoS markings to be passed through at > > the wireless edge, then it is RECOMMENDED to pass through Layer 3 > > DSCP markings (over Layer 2 [IEEE.802.11-2016] UP markings) in the > > upstream direction, for the following reasons: > > > > CS6 and CS7 are exceptions to this "RECOMMENDED" requirement for the > > security reasons discussed in section 8, and because they should not be > > generated by hosts for the reasons discussed in section 5.1. I have a couple > > of suggested changes. > > > > 1) Insert "with the exception of CS6 and CS7" after "in the upstream > > direction" in the above text. > > > > 2) Add a paragraph after the itemized list to explain (mostly by citing the two > > relevant sections): > > > > CS6 and CS7 are exceptions to this pass through recommendation because > > wireless hosts SHOULD NOT use them (see Section 5.1) and traffic with > > those two markings poses a threat to operation of the wired network (see > > Section 8.2). CS6 and CS7 SHOULD NOT be passed through to the wired > > network in the upstream direction unless the access point has been > > specifically configured to do that by a network administrator or operator. > > > > Does that sound reasonable? > > > > Thanks, --David > > > > > -----Original Message----- > > > From: Tim Szigeti (szigeti) [mailto:szigeti@cisco.com] > > > Sent: Thursday, July 27, 2017 6:35 PM > > > To: Black, David <david.black@emc.com>; G Fairhurst > > > <gorry@erg.abdn.ac.uk>; tsvwg WG <tsvwg@ietf.org> > > > Cc: Jerome Henry (jerhenry) <jerhenry@cisco.com>; Fred Baker > > > <fredbakersba@gmail.com> > > > Subject: RE: TSVWG Working Group Last Call (WGLC) on > > > draft-ietf-tsvwg-ieee- > > > 802-11 - David Black's comments > > > > > > Hi David, > > > > > > Thank you again for taking the time to do another round of review. > > > > > > All changes you've suggested below have been made to the latest > > > version of the draft. > > > > > > Thank you again for helping us find the right balance on security vs. > > > functionality. > > > > > > -tim > > > > > > > -----Original Message----- > > > > From: tsvwg [mailto:tsvwg-bounces@ietf.org] On Behalf Of Black, > > > > David > > > > Sent: Saturday, July 15, 2017 9:40 AM > > > > To: G Fairhurst; tsvwg WG > > > > Subject: [tsvwg] TSVWG Working Group Last Call (WGLC) on > > > > draft-ietf-tsvwg- > > > > ieee-802-11 - David Black's comments > > > > > > > > In general, the -04 draft is much improved from the -01 draft. All > > > > of my remaining major concerns involve uses of the word "trust" that > > > > > > > > -- Major > > > > > > > > Section 3: > > > > > > > > This document assumes and RECOMMENDS that all wireless access > > points > > > > (as the bridges between wired-and-wireless networks) support the > > > > ability to: > > > > > > > > [... snip ...] > > > > > > > > o trust DSCP markings set by wireless endpoint devices > > > > > > > > This instance of "trust" appears to have been overlooked. I suggest > > > > changing "trust" to "process." > > > > > > > > Section 5: > > > > > > > > o DSCP-Trust at the wireless access point (effectively a 1:1 DSCP- > > > > to-DSCP mapping) > > > > > > > > Aha, the dreaded T-word again. Suggest: DSCP-Trust -> DSCP- > > Passthrough, > > > > as that not only removes the T-word, but is also more descriptive. This > > also > > > > affects Section 5.3 ... > > > > > > > > Section 5.3: > > > > > > > > Change DSCP-Trust -> DSCP-Passthrough in section title. > > > > > > > > It is generally NOT RECOMMENDED to trust DSCP markings from > > > > unauthenticated and unauthorized devices, as these are typically > > > > considered untrusted sources. > > > > > > > > to trust DSCP markings -> to pass through DSCP markings > > > > > > > > When business requirements and/or technical constraints and/or > > > > administrative policies require a trust function at the wireless > > > > edge, then it is RECOMMENDED to trust DSCP (over [IEEE.802.11-2016] > > > > UP markings) markings in the upstream direction, for the following > > > > reasons: > > > > > > > > I don't understand what a "trust function" is, so this looks like a > > > > circular statement. Once "trust function" is clarified, change > > > > "RECOMMENDED to trust DSCP" to "RECOMMENDED to pass through > > DSCP" > > > > ... but the details of this clarification are crucial as this text > > > > is a potentially serious security hole > > > as > > > > currently written. > > > > > > > > A related minor issue turns up in Section 8.1 - see below. > > > > > > > > Finally, Gorry noted: > > > > > > > > (4) I suspect the security section may benefit from a better definition > > > > of the case where the 802.11 network forms the edge of a DS domain. I > > > > suspect other people will suggest text on this. > > > > > > > > I suspect that some of the changes suggested in this review towards > > > > less use of the word "trust" will help with this concern, so I suggest that > > Gorry and I > > > > both take a look at the resulting text to see whether it suffices. That > > said, it > > > > would help to add a reference from the security considerations text > > > > on CS6 and CS7 back to section 5.4, which discusses this "edge of a DS > > domain" > > > case. > > > > > > > > -- Minor > > > > > > > > Section 2.1: > > > > > > > > Thus the QoS treatment of packets at the access point will depend on > > > > the position of the AP in the network infrastructure and on the WLAN > > > > deployment model. > > > > > > > > Needs specific examples and/or forward references to what changes > > > > with AP position. > > > > > > > > Sections 5.2, 5.3 and 5.4: > > > > > > > > These sections are effectively discussing alternatives for access > > > > point > > > Diffserv > > > > functionality. That structure (do one of these three) is not clear in the > > draft. > > > > > > > > Section 8.1: > > > > > > > > Additionally, Section 5.3 made it clear > > > > that it is generally NOT RECOMMENDED to trust DSCP markings from > > > > unauthorized and/or unauthenticated devices, as these are > > > > typically considered untrusted sources. This is especially > > > > relevant for IoT deployments, where tens-of-billions of devices > > > > are being connected to IP networks, many of which have little or > > > > no security. > > > > > > > > In the first sentence: "trust" -> "pass through" > > > > > > > > In the second sentence as written, "many of which" refers to "IP > > > > networks" - I suspect that was not intended, e.g., "tens-of-billions > > > > of devices that may have little or no security are being connected > > > > to IP networks" may be closer to what was intended. > > > > > > > > Setting a trust boundary reflective of business objectives and > > > > policy, such that traffic from authorized users and/or > > > > applications and/or endpoints will be accepted by the network; > > > > otherwise packet markings will be "bleached" (i.e. remarked to > > > > DSCP DF and/or UP 0). > > > > > > > > I have some idea of what a "trust boundary" is, but suspect that > > > > "traffic conditioning policy" may be clearer and closer to what was > > intended. > > > > > > > > Section 8.2: > > > > > > > > Every paragraph in this section is bidirectional in scope, applying > > > > to both > > > > wired->wireless and wireless-> wired traffic, except for this paragraph: > > > > > > > > If such marking/mapping were not controlled, then, for example, a > > > > malicious user could cause WLAN DoS by flooding traffic marked CS7 > > > > DSCP downstream. This codepoint would map by default to UP 7 and > > > > would be assigned to the Voice Access Category (AC_VO). Such a flood > > > > could cause Denial-of-Service to not only wireless voice > > > > applications, but also to all other traffic classes. > > > > > > > > I suggest making this paragraph bidirectional by providing the > > > > example in both directions and then making it clear that the following > > paragraph: > > > > > > > > Therefore, to mitigate such an attack, it is RECOMMENDED that all > > > > packets marked to Diffserv Codepoints not in use over the wireless > > > > network be mapped to UP 0. > > > > > > > > applies to both access points and wireless device operating systems. > > > > > > > > > > > > -- Editorial > > > > > > > > Section 1.1: > > > > > > > > Note: [RFC4594] is intended to be viewed as a set of "project plans" > > > > for building all the (diffserv) furniture that one might want. Thus, > > > > it describes different types of traffic expected in IP networks and > > > > provides guidance as to what DSCP marking(s) should be associated > > > > with each traffic type. As such, this document draws heavily on > > > > [RFC4594], [RFC5127], and [RFC8100]. > > > > > > > > The first sentence seems a bit too informal, suggest: > > > > > > > > OLD > > > > Note: [RFC4594] is intended to be viewed as a set of "project plans" > > > > for building all the (diffserv) furniture that one might want. > > > > NEW > > > > Note: [RFC4594] is intended to be viewed as a framework and > > guidelines > > > > for supporting Diffserv in any network, including wireless networks. > > > > > > > > Section 2.1: > > > > > > > > It is important to recognize that the wired-to-wireless edge may or > > > > may not equate to the edge of the Diffserv domain. > > > > > > > > equate to the edge of the Diffserv domain -> function as an edge of > > > > a Diffserv domain or a domain boundary. > > > > > > > > Section 8: > > > > > > > > Initial paragraph seems overly defensive, suggest: > > > > > > > > OLD > > > > The recommendations put forward in this document do not present > any > > > > additional security concerns that do not already exist in wired and > > > > wireless devices. In fact, several of the recommendations made in > > > > this document serve to mitigate and protect wired and wireless > > > > networks from potential abuse arising from existing vulnerabilities. > > > > NEW > > > > The recommendations in this document concern existing wired and > > > > wireless > > > > network functionality, and for that reason do not add significant > security > > > > concerns. Some of the recommendations help protect wired and > > wireless > > > > networks from potential abuse, e.g., as discussed further in this > section. > > > > > > > > Section 8.2: > > > > > > > > It should be strongly noted that in the wireless deployment model > > > > > > > > I suggest deleting "It should be strongly noted that" > > > > > > > > Thanks, --David > > > > > > > > > > > > > -----Original Message----- > > > > > From: tsvwg [mailto:tsvwg-bounces@ietf.org] On Behalf Of G > > > > > Fairhurst > > > > > Sent: Thursday, July 6, 2017 3:11 AM > > > > > To: tsvwg WG <tsvwg@ietf.org> > > > > > Subject: [tsvwg] TSVWG Working Group Last Call (WGLC) on > > > > > draft-ietf-tsvwg- > > > > > ieee-802-11-01 to conclude 10th Jul 2017 > > > > > > > > > > This email announces a second TSVWG Working Group Last Call > (WGLC) > > > on: > > > > > > > > > > DiffServ to IEEE 802.11 Mapping > > > > > draft-ietf-tsvwg-ieee-802-11-01 > > > > > https://datatracker.ietf.org/doc/draft-ietf-tsvwg-ieee-802-11-01 > > > > > > > > > > This WGLC will last for about 2 weeks weeks. The purpose of this > > > > > call is to provide further feedback (if required) on changes made > > > > > since the first WGLC concluded. > > > > > > > > > > Comments should be sent to thetsvwg@ietf.org > > > > > <mailto:tsvwg@ietf.org>list, although purely editorial comments > > > > > may be sent directly to the authors. Please cc: the WG chairs > > > > > attsvwg-chairs@ietf.org <mailto:tsvwg-chairs@ietf.org> if you > > > > > would like the chairs to track such editorial comments as part of > > > > > the WGLC process. > > > > > > > > > > No IPR disclosures have been submitted directly on > > > > > draft-ietf-tsvwg-ieee-802-11-01 > > > > > > > > > > Thanks, > > > > > Gorry > > > > > (TSVWG Co-Chair)
- [tsvwg] TSVWG Working Group Last Call (WGLC) on d… Black, David
- Re: [tsvwg] TSVWG Working Group Last Call (WGLC) … Tim Szigeti (szigeti)
- Re: [tsvwg] TSVWG Working Group Last Call (WGLC) … Black, David
- Re: [tsvwg] TSVWG Working Group Last Call (WGLC) … Tim Szigeti (szigeti)
- Re: [tsvwg] TSVWG Working Group Last Call (WGLC) … Black, David