[Tsvwg] Re: IETF LC comments on draft-ietf-tsvwg-rsvp-ipsec
Francois Le Faucheur IMAP <flefauch@cisco.com> Thu, 16 November 2006 15:29 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GkjBJ-0003OZ-Mh; Thu, 16 Nov 2006 10:29:37 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GkjBI-0003Nt-RB for tsvwg@ietf.org; Thu, 16 Nov 2006 10:29:36 -0500
Received: from ams-iport-1.cisco.com ([144.254.224.140]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gkj6P-0001wc-O8 for tsvwg@ietf.org; Thu, 16 Nov 2006 10:24:36 -0500
Received: from ams-dkim-2.cisco.com ([144.254.224.139]) by ams-iport-1.cisco.com with ESMTP; 16 Nov 2006 16:24:30 +0100
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id kAGFOSWF017687; Thu, 16 Nov 2006 16:24:28 +0100
Received: from xbh-ams-331.emea.cisco.com (xbh-ams-331.cisco.com [144.254.231.71]) by ams-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id kAGFOSCK020640; Thu, 16 Nov 2006 16:24:28 +0100 (MET)
Received: from xfe-ams-332.cisco.com ([144.254.231.73]) by xbh-ams-331.emea.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 16:24:28 +0100
Received: from [10.0.0.5] ([10.61.80.247]) by xfe-ams-332.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 07:24:27 -0800
In-Reply-To: <452F627D.9040202@ericsson.com>
References: <452F627D.9040202@ericsson.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <2A92368F-729B-4111-8770-0783B4B62B05@cisco.com>
Content-Transfer-Encoding: 7bit
From: Francois Le Faucheur IMAP <flefauch@cisco.com>
Date: Thu, 16 Nov 2006 16:23:10 +0100
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.752.3)
X-OriginalArrivalTime: 16 Nov 2006 15:24:27.0570 (UTC) FILETIME=[4DEF0120:01C70993]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=5207; t=1163690668; x=1164554668; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=flefauch@cisco.com; z=From:=20Francois=20Le=20Faucheur=20IMAP=20<flefauch@cisco.com> |Subject:=20Re=3A=20IETF=20LC=20comments=20on=20draft-ietf-tsvwg-rsvp-ips ec |Sender:=20; bh=9HlThhthbDJD9zNJI+azIjpDzOIxRKNoXlhHaBPApYk=; b=NOLYdRfak7M6ZmFsp6uzxRWQln4wOf+EjroVC5f7RrI3NDAP6KDP5dotPH9jHnaVoXs8Z8xu E7lLTfc06qBa3oWtUmBXIuIe0WFBt3Yfdo5a/xj3XnH6vHb1VUckC9mG;
Authentication-Results: ams-dkim-2; header.From=flefauch@cisco.com; dkim=pass ( sig from cisco.com/amsdkim2001 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3a4bc66230659131057bb68ed51598f8
Cc: tsvwg <tsvwg@ietf.org>, Christou Chris <christou_chris@bah.com>
Subject: [Tsvwg] Re: IETF LC comments on draft-ietf-tsvwg-rsvp-ipsec
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
Errors-To: tsvwg-bounces@ietf.org
Magnus and all, As a follow up from our discussion in San Diego, here is a proposal/ request-for-guidance to address the comments below: On 13 Oct 2006, at 11:55, Magnus Westerlund wrote: > Hi, the IESG received the below comment during the ongoing IETF LC. > I would appreciate some response to it. > > "I think that the "Security Considerations" section of this > document is significantly thin. There are significant security risks > associated with this sort of aggregation that I don't see discussed > in much detail. "RSVP Aggregation over Generic Aggregate RSVP reservations" as per this document is of course very very similar to "RSVP Aggregation over Aggregate RSVP reservation" as per RFC3175. The issues associated with "this sort of aggregation" were discussed in RFC3175, so we elected to refer to the security considerations in RFC3175. The current text says: " When generic aggregate reservations are used for aggregation of E2E reservations, the security considerations discussed in [RSVP-AGG] apply. " We could either keep it this way or replicate the relevant text. I would personally prefer keeping it that way because some of the security discussions relates to aggregation mechanisms (such as RSVP- E2E-IGNORE) which are specified in details in RFC3175 and only brought into our document by reference to RFC3175. But I can bring in the relevant text if you recommend we do so. > There should also be at least some mention of traffic > analysis issues and the potential DDOS attacks on the network > operator arising from this usage. Regarding traffic analysis, I am not quite sure what is there to say. It seems that if an entity uses RSVP to signal its reservation requirement from point A to point B, someone snooping RSVP signaling would be able to know ... what are the reservation requirement from point A to point B. That seems like a fundamental aspect of signaling. Or is the point that using aggregation makes traffic analysis easier because you get the full aggregate requirement by snooping one message? Is this worth mentioning this? Is there something smarter/more useful that should be said about traffic analysis that is specific to this document? > > Unlike RIPv2 Authentication, RSVP Authentication has never had > any measurably large deployment, as near as I can tell. Actually, I believe there is significant use of RSVP Authentication in MPLS Traffic Engineering deployments. > A practical > to deploy key management strategy is not apparent to me right now > for RSVP Authentication. RSVP Auth keys need to be placed in all > of the devices along a dynamic and *changing* flow path, so it is > much harder to pre-position manual keys along the whole path. > By contrast, OSPF and RIP have a well-defined and static set of > legitimate participating routers, so one can pre-position manual keys > in all of those OSPF/RIP routers (and that has been commonly done > in numerous enterprise networks using OSPFv2 Auth or RIPv2 Auth). Well, in environments where RSVP is deployed on all routers of a convex cloud, using pre-positioned keys for RSVP seems very similar to using pre-positioned keys for OSPF/RIP. I think pre-positioning keys with RSVP only gets more tricky in environments where you have non-RSVP routers in between RSVP routers. But in any case, most of this discussion about general applicability of RSVP Authentication seems beyond the scope of this particular document. The one point I can see which is specific to this document, is that the aggregation mechanisms used here rely on the Aggregator to send an E2E Path message into the Aggregation region without knowing ahead of time which Deaggregator will be used. This aspect is already discussed in the document, which also mentions that one possible solution then is to use the same key across all Aggregators/ Deaggregators. BTW, Pratik Bose, Fred Baker and I, plan to submit a document proposing a method for IPsec protection of RSVP which could be used in many RSVP environments, including the ones of generic aggregate RSVP. This may offer an alternative approach to the security concern discussed in previous paragraph. But this is future work, and need not be referenced from that document. > > If this gets published without addressing the above issues, > I think EXPERIMENTAL would be more appropriate than STANDARDS-TRACK. > That would let the community of interest have a stable spec > to reference, as they sort through the poortly addressed issues > that are outlined above." We certainly wish to publish this document as STANDARDS-TRACK. Hopefully we can do so once we've agreed on resolution of these comments. Thanks Francois > > > Best Regards > > Magnus Westerlund > > Multimedia Technologies, Ericsson Research EAB/TVA/A > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 8 4048287 > Torshamsgatan 23 | Fax +46 8 7575550 > S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
- [Tsvwg] IETF LC comments on draft-ietf-tsvwg-rsvp… Magnus Westerlund
- [Tsvwg] Re: IETF LC comments on draft-ietf-tsvwg-… Francois Le Faucheur IMAP
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Magnus Westerlund
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Magnus Westerlund
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Francois Le Faucheur IMAP
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Francois Le Faucheur IMAP
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Francois Le Faucheur IMAP
- Fwd: [Tsvwg] Re: IETF LC comments on draft-ietf-t… Francois Le Faucheur
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… RJ Atkinson