Re: (another) WGLC started for "RSVP Security Groupkeying" ID
Bob Briscoe <rbriscoe@jungle.bt.co.uk> Fri, 24 September 2010 19:51 UTC
Return-Path: <rbriscoe@jungle.bt.co.uk>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9869B3A69E3 for <tsvwg@core3.amsl.com>; Fri, 24 Sep 2010 12:51:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.415
X-Spam-Level:
X-Spam-Status: No, score=-1.415 tagged_above=-999 required=5 tests=[AWL=0.702, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YKbRv5NkGDYE for <tsvwg@core3.amsl.com>; Fri, 24 Sep 2010 12:50:59 -0700 (PDT)
Received: from smtp4.smtp.bt.com (smtp4.smtp.bt.com [217.32.164.151]) by core3.amsl.com (Postfix) with ESMTP id 049373A694D for <tsvwg@ietf.org>; Fri, 24 Sep 2010 12:50:58 -0700 (PDT)
Received: from i2kc06-ukbr.domain1.systemhost.net ([193.113.197.70]) by smtp4.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 24 Sep 2010 20:51:30 +0100
Received: from cbibipnt05.iuser.iroot.adidom.com ([147.149.196.177]) by i2kc06-ukbr.domain1.systemhost.net with Microsoft SMTPSVC(6.0.3790.4675); Fri, 24 Sep 2010 20:51:30 +0100
Received: From bagheera.jungle.bt.co.uk ([132.146.168.158]) by cbibipnt05.iuser.iroot.adidom.com (WebShield SMTP v4.5 MR1a P0803.399); id 1285357888555; Fri, 24 Sep 2010 20:51:28 +0100
Received: from MUT.jungle.bt.co.uk ([10.215.131.97]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id o8OJpSXb004564; Fri, 24 Sep 2010 20:51:28 +0100
Message-Id: <201009241951.o8OJpSXb004564@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 24 Sep 2010 20:51:30 +0100
To: "Michael H. Behringer" <mbehring@cisco.com>
From: Bob Briscoe <rbriscoe@jungle.bt.co.uk>
Subject: Re: (another) WGLC started for "RSVP Security Groupkeying" ID
In-Reply-To: <7.1.0.9.2.20100924202731.05523250@jungle.bt.co.uk>
References: <201007271642.o6RGgX3U004751@bagheera.jungle.bt.co.uk> <C8C0E5AE.228BE%mbehring@cisco.com> <7.1.0.9.2.20100924202731.05523250@jungle.bt.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
X-OriginalArrivalTime: 24 Sep 2010 19:51:30.0092 (UTC) FILETIME=[E1B9D6C0:01CB5C21]
Cc: "James Polk (jmpolk)" <jmpolk@cisco.com>, tsvwg IETF list <tsvwg@ietf.org>, ccamp@ietf.org
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 19:51:06 -0000
Michael, Looked at diffs, and I'm happy with the new text that reinstates the route diversion attack and points to RFC5374 address preservation as a protection against it. Nits are all cleared too. Cheers Bob At 20:43 24/09/2010, Bob Briscoe wrote: >To: "Michael H. Behringer" <mbehring@cisco.com> >From: Bob Briscoe <rbriscoe@jungle.bt.co.uk> >Subject: Re: (another) WGLC started for "RSVP Security Groupkeying" ID >Cc: "James Polk (jmpolk)" <jmpolk@cisco.com>, Francois Le Faucheur ><flefauch@cisco.com>, tsvwg IETF list <tsvwg@ietf.org>, <ccamp@ietf.org> >In-Reply-To: <C8C0E5AE.228BE%mbehring@cisco.com> >References: <201007271642.o6RGgX3U004751@bagheera.jungle.bt.co.uk> ><C8C0E5AE.228BE%mbehring@cisco.com> > >Michael, > > >At 10:08 23/09/2010, Michael H. Behringer wrote: >>WGs, >> >>Thanks to the reviewers for their feedback on this draft. >> >>The only suggestions we got from the WGLC came from Bob, and below you can >>see how we addressed them in the just submitted version 7. >> >>We believe to have now addressed all comments following the WGLC, and would >>like the chairs to move this document forward. >> >>Thanks, >>Michael, Francois, Brian >> >> >>On 27/07/2010 18:42, "Bob Briscoe" <rbriscoe@jungle.bt.co.uk> wrote: >> >> > James, Michael, Francois, >> > >> > Here's my review, >> > [snip] >> > S.6.1 >> > "A router implementing GDOI and the AH and/or ESP protocols is >> > therefore able to implement this policy." >> > >> > The 'and/or' implies the ESP protocol alone could be enough. This >> > needs to refer forward to the limitations of ESP discussed in >> > Security Considerations. (except they aren't there any more - >> see next point) >> > >> > S.6.3. >> > "In the case of ESP the new, outer IP header however is not >> > cryptographically secured in this process. This has consequences >> > when group keying is used; see the Security Considerations section >> > for details." >> > >> > There is nothing about ESP in the Security Considerations section. >> > And the re-routing attack previously described in Section "6.2. Using >> > IPsec ESP" that I think this refers to has been deleted. Has this >> > attack been proven to not exist, or was losing this text a mistake? >> >>We provided new text to clarify this. > >I'll look at the diffs shortly, but must dash now. > >Cheers > > > >Bob > > >> > S.6.5. >> > " Tunnel mode with address preservation, in conjunction with group >> > keying, allows the use of AH or ESP for protection of RSVP even in >> > cases where non-RSVP nodes have to be traversed. This is because it >> > allows routing of the IPsec protected packet through the non-RSVP >> > nodes in the same way as if it was not IPsec protected. >> > " >> > If we still intend to talk about the reservation re-routing attack >> > (see previous point), we also need to refer to it here (once we have >> > reinstated the text that talks about it). Because a reservation can >> > be redirected by a non-RSVP hop in the address-preserving case as in >> > other cases using ESP. >> >>We provided new text to clarify this. >> >> > S.10.1 >> > Another "Subverted Nodes" attack occurs to me that uses the weakness >> > of ESP vs AH. Using a group key, a subverted node could turn round a >> > PATH message back to the previous node that the subverted node >> > received it from, thus pretending the PATH had traversed the rest of >> > the path when in fact the subverted node has just been holding on to >> > it for a while. Thus the sending half of the nodes think the >> > reservation has been set-up, while the receiving half never saw it. >> > >> > >> > The point of mentioning these attacks is that, with group keying, a >> > subverted node can change which direction it sends messages >> > (sideways, backwards), not just subvert the messages it forwards. >> >>Also addressed in the new text. >> >> > Nits >> > ==== >> > S.2 >> > "If a group key is used, the authentication granularity becomes group >> > membership, not (individual) peer authentication." >> > You might want to make it clear that you are talking about a group of >> > nodes not humans ('group membership' is ambiguous). But I'm not >> > insisting - it's unlikely to be misunderstood. >> >>Changed the sentence to "... the authentication granularity becomes group >>membership of devices, not (individual) peer authentication between >>devices." >> >> > s/...whether authentication or encryption (or both) are used. >> > /...whether authentication or encryption (or both) is used./ >> > Change it back to the correct English: the verb shouldn't match the >> > phrase in the parenthesis. >> >>Changed. >> >> > S.2. Penultimate para: >> > s/We note that if this handshake is taking place, >> > /We note that if this handshake has taken place,/ >> >>Not changed. (I believe the present tense is more readable here) >> >> > S.3.1 >> > s/INTEGITY >> > /INTEGRITY/ >> >>Changed. >> >> > S.6.3. >> > "This has consequences when group keying is used; see the Security >> > Considerations section for details." >> > >> > s/consequences/negative consequences/ >> >>Changed. >> >> > S.6.5. >> > "it is not possible to use tunnel-endpoint destination address" >> > s/tunnel-endpoint >> > /a tunnel-endpoint/ >> >>Changed. >> >> > Bob >> > >> > >> > At 10:27 25/07/2010, Bob Briscoe wrote: >> >> James, >> >> >> >> I can try to have a look by the deadline. >> >> >> >> >> >> Bob >> >> >> >> At 17:48 14/07/2010, James M. Polk wrote: >> >>> TSVWG >> >>> >> >>> This is to let everyone know we've initiated a new WGLC for the >> >>> "RSVP Security Groupkeying" ID here. >> >>> >> >>> >> http://tools.ietf.org/wg/tsvwg/draft-ietf-tsvwg-rsvp-security-groupkeying/ >> >>> >> >>> This ID has had some significant modifications based on the SecDir >> >>> review by Stephen Kent. Please reread this ID to verify these >> >>> changes are appropriate, and do not introduce new issues or concerns. >> >>> >> >>> Once you have reviewed this version, please send a note to the list >> >>> with an indication whether or not this doc should proceed to the >> >>> IESG for RFC consideration. We chairs need to gauge WG interest >> >>> before this (or any) document progresses towards publication. >> >>> >> >>> Because of the IETF meeting so close, this is an extended WGLC, >> >>> lasting 4 weeks - ending August 11th, 2010. >> >>> >> >>> Please do review this document and let us/the list know what you think. >> >>> >> >>> James & Gorry >> >>> TSVWG chairs >> >> >> >> ________________________________________________________________ >> >> Bob Briscoe, BT Innovate & Design >> > >> > ________________________________________________________________ >> > Bob Briscoe, BT Innovate & Design >> > > >________________________________________________________________ >Bob Briscoe, BT Innovate & Design ________________________________________________________________ Bob Briscoe, BT Innovate & Design
- (another) WGLC started for "RSVP Security Groupke… James M. Polk
- Re: (another) WGLC started for "RSVP Security Gro… Bob Briscoe
- Re: (another) WGLC started for "RSVP Security Gro… James M. Polk
- Re: (another) WGLC started for "RSVP Security Gro… Michael H. Behringer
- Re: (another) WGLC started for "RSVP Security Gro… Bob Briscoe
- Re: (another) WGLC started for "RSVP Security Gro… Bob Briscoe