IETF Logo Mail Archive

Re: [tsvwg] TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee-802-11 - David Black's comments

"Tim Szigeti (szigeti)" <szigeti@cisco.com> Thu, 27 July 2017 22:35 UTC

Return-Path: <szigeti@cisco.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECB1A131E82 for <tsvwg@ietfa.amsl.com>; Thu, 27 Jul 2017 15:35:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Xc7Bo_sNG9b for <tsvwg@ietfa.amsl.com>; Thu, 27 Jul 2017 15:35:09 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48A6C1321DD for <tsvwg@ietf.org>; Thu, 27 Jul 2017 15:35:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9386; q=dns/txt; s=iport; t=1501194909; x=1502404509; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=HBcfa0Gi6jE6xbUYC3ykh2RK8FnMhDS/BvyGnBclYC0=; b=aAA/OX6Cf8xULJ7KGUdM43kuKVU4i+KlQBCwgebs/E8OK8qfBDbEtOa4 6uEr7RQS+73I0wcwHit4NrmkbGqb5eLozhL6kvY+QHue+JHGLe0iGtwaG 8LC+d2G242/nSvrvN5WzJA18k2IuPE30W3ogBFBGXron6D8connmvJi8J A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CaAADgaXpZ/5tdJa1dDgsBAQEBAQEBAQEBAQcBAQEBAYNaZG0nB44GkWKWCg6CBCyFGwKDZT8YAQIBAQEBAQEBayiFGAEBAQEDDhkTKxQMBAIBCBEEAQEfCQcyFAkIAQEEAQ0FCIonELErOos/AQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDJASFLQGDJIQ/AQESAUWFTgWXK4g7AodNgwKJS4IVhVKKXpE0hD0BHzh/C3cVHyqFFhwZgQ8/dodPgSOBDgEBAQ
X-IronPort-AV: E=Sophos;i="5.40,422,1496102400"; d="scan'208";a="273654946"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jul 2017 22:35:07 +0000
Received: from XCH-RCD-019.cisco.com (xch-rcd-019.cisco.com [173.37.102.29]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v6RMZ75u014292 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 27 Jul 2017 22:35:07 GMT
Received: from xch-rcd-010.cisco.com (173.37.102.20) by XCH-RCD-019.cisco.com (173.37.102.29) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 27 Jul 2017 17:35:07 -0500
Received: from xch-rcd-010.cisco.com ([173.37.102.20]) by XCH-RCD-010.cisco.com ([173.37.102.20]) with mapi id 15.00.1210.000; Thu, 27 Jul 2017 17:35:07 -0500
From: "Tim Szigeti (szigeti)" <szigeti@cisco.com>
To: "Black, David" <David.Black@dell.com>, G Fairhurst <gorry@erg.abdn.ac.uk>, tsvwg WG <tsvwg@ietf.org>
CC: "Jerome Henry (jerhenry)" <jerhenry@cisco.com>, Fred Baker <fredbakersba@gmail.com>
Thread-Topic: TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee-802-11 - David Black's comments
Thread-Index: AdL9iKwSAOxDD+ndQlSPMOl+i2FRxAJn8Ubw
Date: Thu, 27 Jul 2017 22:35:07 +0000
Message-ID: <9603e1facabb48ec865439a997392120@XCH-RCD-010.cisco.com>
References: <CE03DB3D7B45C245BCA0D243277949362FB757AF@MX307CL04.corp.emc.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362FB757AF@MX307CL04.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.132.12.98]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Nzgmh4a94S8mFKgWQR-Z_E4Rs6o>
Subject: Re: [tsvwg] TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-ieee-802-11 - David Black's comments
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jul 2017 22:35:12 -0000

Hi David,

Thank you again for taking the time to do another round of review.

All changes you've suggested below have been made to the latest version of the draft.

Thank you again for helping us find the right balance on security vs. functionality.

-tim

> -----Original Message-----
> From: tsvwg [mailto:tsvwg-bounces@ietf.org] On Behalf Of Black, David
> Sent: Saturday, July 15, 2017 9:40 AM
> To: G Fairhurst; tsvwg WG
> Subject: [tsvwg] TSVWG Working Group Last Call (WGLC) on draft-ietf-tsvwg-
> ieee-802-11 - David Black's comments
> 
> In general, the -04 draft is much improved from the -01 draft.  All of my
> remaining major concerns involve uses of the word "trust" that
> 
> -- Major
> 
> Section 3:
> 
>    This document assumes and RECOMMENDS that all wireless access points
>    (as the bridges between wired-and-wireless networks) support the
>    ability to:
> 
> [... snip ...]
> 
>    o  trust DSCP markings set by wireless endpoint devices
> 
> This instance of "trust" appears to have been overlooked.   I suggest
> changing "trust" to "process."
> 
> Section 5:
> 
>    o  DSCP-Trust at the wireless access point (effectively a 1:1 DSCP-
>       to-DSCP mapping)
> 
> Aha, the dreaded T-word again.  Suggest: DSCP-Trust -> DSCP-Passthrough,
> as that not only removes the T-word, but is also more descriptive.   This also
> affects Section 5.3 ...
> 
> Section 5.3:
> 
> Change DSCP-Trust -> DSCP-Passthrough in section title.
> 
>    It is generally NOT RECOMMENDED to trust DSCP markings from
>    unauthenticated and unauthorized devices, as these are typically
>    considered untrusted sources.
> 
> to trust DSCP markings -> to pass through DSCP markings
> 
>    When business requirements and/or technical constraints and/or
>    administrative policies require a trust function at the wireless
>    edge, then it is RECOMMENDED to trust DSCP (over [IEEE.802.11-2016]
>    UP markings) markings in the upstream direction, for the following
>    reasons:
> 
> I don't understand what a "trust function" is, so this looks like a circular
> statement.  Once "trust function" is clarified, change "RECOMMENDED to
> trust DSCP" to "RECOMMENDED to pass through DSCP" ... but the details of
> this clarification are crucial as this text is a potentially serious security hole as
> currently written.
> 
> A related minor issue turns up in Section 8.1 - see below.
> 
> Finally, Gorry noted:
> 
>    (4) I suspect the security section may benefit from a better definition
>    of the case where the 802.11 network forms the edge of a DS domain. I
>    suspect other people will suggest text on this.
> 
> I suspect that some of the changes suggested in this review towards less use
> of the word "trust" will help with this concern, so I suggest that Gorry and I
> both take a look at the resulting text to see whether it suffices.   That said, it
> would help to add a reference from the security considerations text on CS6
> and CS7 back to section 5.4, which discusses this "edge of a DS domain" case.
> 
> -- Minor
> 
> Section 2.1:
> 
>    Thus the QoS treatment of packets at the access point will depend on
>    the position of the AP in the network infrastructure and on the WLAN
>    deployment model.
> 
> Needs specific examples and/or forward references to what changes with AP
> position.
> 
> Sections 5.2, 5.3 and 5.4:
> 
> These sections are effectively discussing alternatives for access point Diffserv
> functionality.  That structure (do one of these three) is not clear in the draft.
> 
> Section 8.1:
> 
>       Additionally, Section 5.3 made it clear
>       that it is generally NOT RECOMMENDED to trust DSCP markings from
>       unauthorized and/or unauthenticated devices, as these are
>       typically considered untrusted sources. This is especially
>       relevant for IoT deployments, where tens-of-billions of devices
>       are being connected to IP networks, many of which have little or
>       no security.
> 
> In the first sentence: "trust" -> "pass through"
> 
> In the second sentence as written, "many of which" refers to "IP networks" -
> I suspect that was not intended, e.g., "tens-of-billions of devices that may
> have little or no security are being connected to IP networks" may be closer
> to what was intended.
> 
>       Setting a trust boundary reflective of business objectives and
>       policy, such that traffic from authorized users and/or
>       applications and/or endpoints will be accepted by the network;
>       otherwise packet markings will be "bleached" (i.e. remarked to
>       DSCP DF and/or UP 0).
> 
> I have some idea of what a "trust boundary" is, but suspect that "traffic
> conditioning policy" may be clearer and closer to what was intended.
> 
> Section 8.2:
> 
> Every paragraph in this section is bidirectional in scope, applying to both
> wired->wireless and wireless-> wired traffic, except for this paragraph:
> 
>    If such marking/mapping were not controlled, then, for example, a
>    malicious user could cause WLAN DoS by flooding traffic marked CS7
>    DSCP downstream.  This codepoint would map by default to UP 7 and
>    would be assigned to the Voice Access Category (AC_VO).  Such a flood
>    could cause Denial-of-Service to not only wireless voice
>    applications, but also to all other traffic classes.
> 
> I suggest making this paragraph bidirectional by providing the example in
> both directions and then making it clear that the following paragraph:
> 
>    Therefore, to mitigate such an attack, it is RECOMMENDED that all
>    packets marked to Diffserv Codepoints not in use over the wireless
>    network be mapped to UP 0.
> 
> applies to both access points and wireless device operating systems.
> 
> 
> -- Editorial
> 
> Section 1.1:
> 
>    Note: [RFC4594] is intended to be viewed as a set of "project plans"
>    for building all the (diffserv) furniture that one might want.  Thus,
>    it describes different types of traffic expected in IP networks and
>    provides guidance as to what DSCP marking(s) should be associated
>    with each traffic type.  As such, this document draws heavily on
>    [RFC4594], [RFC5127], and [RFC8100].
> 
> The first sentence seems a bit too informal, suggest:
> 
> OLD
>    Note: [RFC4594] is intended to be viewed as a set of "project plans"
>    for building all the (diffserv) furniture that one might want.
> NEW
>    Note: [RFC4594] is intended to be viewed as a framework and guidelines
>    for supporting Diffserv in any network, including wireless networks.
> 
> Section 2.1:
> 
>    It is important to recognize that the wired-to-wireless edge may or
>    may not equate to the edge of the Diffserv domain.
> 
> equate to the edge of the Diffserv domain -> function as an edge of a
> Diffserv domain or a domain boundary.
> 
> Section 8:
> 
> Initial paragraph seems overly defensive, suggest:
> 
> OLD
>    The recommendations put forward in this document do not present any
>    additional security concerns that do not already exist in wired and
>    wireless devices.  In fact, several of the recommendations made in
>    this document serve to mitigate and protect wired and wireless
>    networks from potential abuse arising from existing vulnerabilities.
> NEW
>    The recommendations in this document concern existing wired and
> wireless
>    network functionality, and for that reason do not add significant security
>    concerns.   Some of the recommendations help protect wired and wireless
>    networks from potential abuse, e.g., as discussed further in this section.
> 
> Section 8.2:
> 
>    It should be strongly noted that in the wireless deployment model
> 
> I suggest deleting "It should be strongly noted that"
> 
> Thanks, --David
> 
> 
> > -----Original Message-----
> > From: tsvwg [mailto:tsvwg-bounces@ietf.org] On Behalf Of G Fairhurst
> > Sent: Thursday, July 6, 2017 3:11 AM
> > To: tsvwg WG <tsvwg@ietf.org>
> > Subject: [tsvwg] TSVWG Working Group Last Call (WGLC) on
> > draft-ietf-tsvwg-
> > ieee-802-11-01 to conclude 10th Jul 2017
> >
> > This email announces a second TSVWG Working Group Last Call (WGLC) on:
> >
> >              DiffServ to IEEE 802.11 Mapping
> >              draft-ietf-tsvwg-ieee-802-11-01
> > https://datatracker.ietf.org/doc/draft-ietf-tsvwg-ieee-802-11-01
> >
> > This WGLC will last for about 2 weeks weeks. The purpose of this call
> > is to provide further feedback (if required) on changes made since the
> > first WGLC concluded.
> >
> > Comments should be sent to thetsvwg@ietf.org
> > <mailto:tsvwg@ietf.org>list, although purely editorial comments may be
> > sent directly to the authors. Please cc: the WG chairs
> > attsvwg-chairs@ietf.org <mailto:tsvwg-chairs@ietf.org>  if you would
> > like the chairs to track such editorial comments as part of the WGLC
> > process.
> >
> > No IPR disclosures have been submitted directly on
> > draft-ietf-tsvwg-ieee-802-11-01
> >
> > Thanks,
> > Gorry
> > (TSVWG Co-Chair)

v2.23.0 | Report a Bug | By Email