Re: (another) WGLC started for "RSVP Security Groupkeying" ID
Bob Briscoe <rbriscoe@jungle.bt.co.uk> Fri, 24 September 2010 19:43 UTC
Return-Path: <rbriscoe@jungle.bt.co.uk>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A25DA3A69D9 for <tsvwg@core3.amsl.com>; Fri, 24 Sep 2010 12:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[AWL=0.728, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b-7204nJNZ97 for <tsvwg@core3.amsl.com>; Fri, 24 Sep 2010 12:43:30 -0700 (PDT)
Received: from smtp2.smtp.bt.com (smtp2.smtp.bt.com [217.32.164.150]) by core3.amsl.com (Postfix) with ESMTP id 1A7463A6B30 for <tsvwg@ietf.org>; Fri, 24 Sep 2010 12:43:28 -0700 (PDT)
Received: from i2kc06-ukbr.domain1.systemhost.net ([193.113.197.70]) by smtp2.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 24 Sep 2010 20:43:24 +0100
Received: from cbibipnt05.iuser.iroot.adidom.com ([147.149.196.177]) by i2kc06-ukbr.domain1.systemhost.net with Microsoft SMTPSVC(6.0.3790.4675); Fri, 24 Sep 2010 20:43:24 +0100
Received: From bagheera.jungle.bt.co.uk ([132.146.168.158]) by cbibipnt05.iuser.iroot.adidom.com (WebShield SMTP v4.5 MR1a P0803.399); id 1285357403193; Fri, 24 Sep 2010 20:43:23 +0100
Received: from MUT.jungle.bt.co.uk ([10.215.131.97]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id o8OJhMUf004506; Fri, 24 Sep 2010 20:43:22 +0100
Message-Id: <201009241943.o8OJhMUf004506@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 24 Sep 2010 20:43:24 +0100
To: "Michael H. Behringer" <mbehring@cisco.com>
From: Bob Briscoe <rbriscoe@jungle.bt.co.uk>
Subject: Re: (another) WGLC started for "RSVP Security Groupkeying" ID
In-Reply-To: <C8C0E5AE.228BE%mbehring@cisco.com>
References: <201007271642.o6RGgX3U004751@bagheera.jungle.bt.co.uk> <C8C0E5AE.228BE%mbehring@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
X-OriginalArrivalTime: 24 Sep 2010 19:43:24.0491 (UTC) FILETIME=[C04901B0:01CB5C20]
Cc: "James Polk (jmpolk)" <jmpolk@cisco.com>, tsvwg IETF list <tsvwg@ietf.org>, ccamp@ietf.org
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 19:43:38 -0000
Michael, At 10:08 23/09/2010, Michael H. Behringer wrote: >WGs, > >Thanks to the reviewers for their feedback on this draft. > >The only suggestions we got from the WGLC came from Bob, and below you can >see how we addressed them in the just submitted version 7. > >We believe to have now addressed all comments following the WGLC, and would >like the chairs to move this document forward. > >Thanks, >Michael, Francois, Brian > > >On 27/07/2010 18:42, "Bob Briscoe" <rbriscoe@jungle.bt.co.uk> wrote: > > > James, Michael, Francois, > > > > Here's my review, > > > > I've only looked at the diffs from -05, which I already reviewed. So > > this review doesn't imply I've re-checked overall readability. > > > > S.4.1 > > "Static keys are preconfigured, either manually, or through a network > > management system, and not negotiated via a protocol." > > Delete: ", and not negotiated via a protocol" (the NMS uses a > > protocol and implying it somehow does not creates complacency - see > > next point). > >Deleted the sub-phrase. Good > > > "The provisioning of static keys requires either manual operator > > intervention on each node, or a network management system performing > > the same task." > > > > Would it be worth pointing out (or is it obvious?) that, if an NMS is > > giving nodes static keys, it needs to regularly change the keys it > > uses to verify that it is talking with the nodes it thinks it is > > talking with? This recursion has to stop somewhere! > >I'd argue that would end in a longer discussion on this topic, which is >really not helping the subject of the document significantly. So we made no >change here. Understood & OK. > > S.4.2.1 > > It's interesting that the following has been deleted. "However, > > existing key negotiation protocols such as IKEv1 [RFC2409] or IKEv2 > > [RFC4306] may not be appropriate in all environments because of the > > relative complexity of the protocols and related operations." > > > > Operational complexity is why Jonny can't encrypt, but we're not > > allowed to say why Jonny can't encrypt?! > > > > I would argue that something ought to remain of this sentiment, > > rather than deletion. Perhaps "Although it is recognised that > > existing key neg protocols RFC[...] are operationally complex to > > deploy, the security they provide compared to ad hoc manual > > alternatives is worth the effort invested." > >The question that was raised was "what does 'complex' mean?", which would >lead to a significantly longer discussion, which is not really the focus of >the document. So we suggest to not change this section. Well, you did originally change the section - you deleted any mention that IKEv* is complex. The original sentence was a good justification for group keying, so I think you should push harder to keep it, even tho it would make your life easier to just avoid criticism of other approaches. If you still believe your original sentence, I would support you keeping it, even if you cannot define what complexity means. Otherwise we could demand that all the text is removed from security area RFCs because no-one can define security either. This could be perceived as the security area censoring operational criticism of their protocols. I don't think removing the criticism is justified just because you can't strictly define complexity. But it's your call. > > S.6.1 > > "A router implementing GDOI and the AH and/or ESP protocols is > > therefore able to implement this policy." > > > > The 'and/or' implies the ESP protocol alone could be enough. This > > needs to refer forward to the limitations of ESP discussed in > > Security Considerations. (except they aren't there any more - see > next point) > > > > S.6.3. > > "In the case of ESP the new, outer IP header however is not > > cryptographically secured in this process. This has consequences > > when group keying is used; see the Security Considerations section > > for details." > > > > There is nothing about ESP in the Security Considerations section. > > And the re-routing attack previously described in Section "6.2. Using > > IPsec ESP" that I think this refers to has been deleted. Has this > > attack been proven to not exist, or was losing this text a mistake? > >We provided new text to clarify this. I'll look at the diffs shortly, but must dash now. Cheers Bob > > S.6.5. > > " Tunnel mode with address preservation, in conjunction with group > > keying, allows the use of AH or ESP for protection of RSVP even in > > cases where non-RSVP nodes have to be traversed. This is because it > > allows routing of the IPsec protected packet through the non-RSVP > > nodes in the same way as if it was not IPsec protected. > > " > > If we still intend to talk about the reservation re-routing attack > > (see previous point), we also need to refer to it here (once we have > > reinstated the text that talks about it). Because a reservation can > > be redirected by a non-RSVP hop in the address-preserving case as in > > other cases using ESP. > >We provided new text to clarify this. > > > S.10.1 > > Another "Subverted Nodes" attack occurs to me that uses the weakness > > of ESP vs AH. Using a group key, a subverted node could turn round a > > PATH message back to the previous node that the subverted node > > received it from, thus pretending the PATH had traversed the rest of > > the path when in fact the subverted node has just been holding on to > > it for a while. Thus the sending half of the nodes think the > > reservation has been set-up, while the receiving half never saw it. > > > > > > The point of mentioning these attacks is that, with group keying, a > > subverted node can change which direction it sends messages > > (sideways, backwards), not just subvert the messages it forwards. > >Also addressed in the new text. > > > Nits > > ==== > > S.2 > > "If a group key is used, the authentication granularity becomes group > > membership, not (individual) peer authentication." > > You might want to make it clear that you are talking about a group of > > nodes not humans ('group membership' is ambiguous). But I'm not > > insisting - it's unlikely to be misunderstood. > >Changed the sentence to "... the authentication granularity becomes group >membership of devices, not (individual) peer authentication between >devices." > > > s/...whether authentication or encryption (or both) are used. > > /...whether authentication or encryption (or both) is used./ > > Change it back to the correct English: the verb shouldn't match the > > phrase in the parenthesis. > >Changed. > > > S.2. Penultimate para: > > s/We note that if this handshake is taking place, > > /We note that if this handshake has taken place,/ > >Not changed. (I believe the present tense is more readable here) > > > S.3.1 > > s/INTEGITY > > /INTEGRITY/ > >Changed. > > > S.6.3. > > "This has consequences when group keying is used; see the Security > > Considerations section for details." > > > > s/consequences/negative consequences/ > >Changed. > > > S.6.5. > > "it is not possible to use tunnel-endpoint destination address" > > s/tunnel-endpoint > > /a tunnel-endpoint/ > >Changed. > > > Bob > > > > > > At 10:27 25/07/2010, Bob Briscoe wrote: > >> James, > >> > >> I can try to have a look by the deadline. > >> > >> > >> Bob > >> > >> At 17:48 14/07/2010, James M. Polk wrote: > >>> TSVWG > >>> > >>> This is to let everyone know we've initiated a new WGLC for the > >>> "RSVP Security Groupkeying" ID here. > >>> > >>> > http://tools.ietf.org/wg/tsvwg/draft-ietf-tsvwg-rsvp-security-groupkeying/ > >>> > >>> This ID has had some significant modifications based on the SecDir > >>> review by Stephen Kent. Please reread this ID to verify these > >>> changes are appropriate, and do not introduce new issues or concerns. > >>> > >>> Once you have reviewed this version, please send a note to the list > >>> with an indication whether or not this doc should proceed to the > >>> IESG for RFC consideration. We chairs need to gauge WG interest > >>> before this (or any) document progresses towards publication. > >>> > >>> Because of the IETF meeting so close, this is an extended WGLC, > >>> lasting 4 weeks - ending August 11th, 2010. > >>> > >>> Please do review this document and let us/the list know what you think. > >>> > >>> James & Gorry > >>> TSVWG chairs > >> > >> ________________________________________________________________ > >> Bob Briscoe, BT Innovate & Design > > > > ________________________________________________________________ > > Bob Briscoe, BT Innovate & Design > > ________________________________________________________________ Bob Briscoe, BT Innovate & Design
- (another) WGLC started for "RSVP Security Groupke… James M. Polk
- Re: (another) WGLC started for "RSVP Security Gro… Bob Briscoe
- Re: (another) WGLC started for "RSVP Security Gro… James M. Polk
- Re: (another) WGLC started for "RSVP Security Gro… Michael H. Behringer
- Re: (another) WGLC started for "RSVP Security Gro… Bob Briscoe
- Re: (another) WGLC started for "RSVP Security Gro… Bob Briscoe