Re: [Tsvwg] Re: IETF LC comments on draft-ietf-tsvwg-rsvp-ipsec
Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 17 November 2006 15:21 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gl5Wd-0007Y7-UQ; Fri, 17 Nov 2006 10:21:07 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gl5Wd-0007Wz-5a for tsvwg@ietf.org; Fri, 17 Nov 2006 10:21:07 -0500
Received: from mailgw3.ericsson.se ([193.180.251.60]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gl5WU-0001Qc-7E for tsvwg@ietf.org; Fri, 17 Nov 2006 10:21:05 -0500
Received: from esealmw128.eemea.ericsson.se (unknown [153.88.254.121]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id 5B53C10A3; Fri, 17 Nov 2006 16:20:55 +0100 (CET)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.170]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Fri, 17 Nov 2006 16:20:55 +0100
Received: from [147.214.30.247] ([147.214.30.247]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Fri, 17 Nov 2006 16:20:54 +0100
Message-ID: <455DD356.1040007@ericsson.com>
Date: Fri, 17 Nov 2006 16:20:54 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Subject: Re: [Tsvwg] Re: IETF LC comments on draft-ietf-tsvwg-rsvp-ipsec
References: <452F627D.9040202@ericsson.com> <2A92368F-729B-4111-8770-0783B4B62B05@cisco.com> <455DAEFC.3030103@ericsson.com>
In-Reply-To: <455DAEFC.3030103@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 17 Nov 2006 15:20:54.0915 (UTC) FILETIME=[F9982D30:01C70A5B]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7268a2980febc47a9fa732aba2b737ba
Cc: Christou Chris <christou_chris@bah.com>, RJ Atkinson <rja@extremenetworks.com>, tsvwg <tsvwg@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
Errors-To: tsvwg-bounces@ietf.org
Hi, Below is answers from Ran to Francois comments. You will need to keep him on the CC to discuss these issues. ---- Text from Ran Atkinson ---------------- > On 13 Oct 2006, at 11:55, Magnus Westerlund wrote: > >> Hi, the IESG received the below comment during the ongoing IETF LC. I would appreciate some response to it. >> >> "I think that the "Security Considerations" section of this >> document is significantly thin. There are significant security risks >> associated with this sort of aggregation that I don't see discussed >> in much detail. > > "RSVP Aggregation over Generic Aggregate RSVP reservations" as per this document is of course very very similar to "RSVP Aggregation over Aggregate RSVP reservation" as per RFC3175. The issues associated with "this sort of aggregation" were discussed in RFC3175, so we elected to refer to the security considerations in RFC3175. The current text says: > " > When generic aggregate reservations are used for aggregation of E2E > reservations, the security considerations discussed in [RSVP-AGG] > apply. > " > We could either keep it this way or replicate the relevant text. I would personally prefer keeping it that way because some of the security discussions relates to aggregation mechanisms (such as RSVP-E2E-IGNORE) which are specified in details in RFC3175 and only brought into our document by reference to RFC3175. > But I can bring in the relevant text if you recommend we do so. The relevant text ought to be replicated, possibly editing it to reflect whatever differences might exist between this and RFC-3175 and whatever we know/realise now that might not have been clearly documented or understood then. >> There should also be at least some mention of traffic >> analysis issues and the potential DDOS attacks on the network >> operator arising from this usage. > > Regarding traffic analysis, I am not quite sure what is there to say. > It seems that if an entity uses RSVP to signal its reservation requirement from point A to point B, someone snooping RSVP signaling would be able to know ... what are the reservation requirement from point A to point B. That seems like a fundamental aspect of signaling. It is a fundamental aspect of *clear-text* *in-band* signalling. It is not a fundamental aspect of in-band signalling. For example, one could provide confidentiality to the signalling traffic (if one could figure out how to distribute keys properly). It is not a fundamental aspect of signalling. For example, Signalling System 7 (used in the telephony world) is out-of-band, so snooping by ordinary users generally isn't practical. > Or is the point that using aggregation makes traffic analysis easier because you get the full aggregate requirement by snooping one message? > Is this worth mentioning this? This is also worth mentioning, and it is a difference in risk from ordinary RSVP usage. > Is there something smarter/more useful that should be said about traffic analysis that is specific to this document? > >> >> Unlike RIPv2 Authentication, RSVP Authentication has never had >> any measurably large deployment, as near as I can tell. > > Actually, I believe there is significant use of RSVP Authentication in MPLS Traffic Engineering deployments. I know of several ISPs that use RSVP for MPLS Traffic Engineering. I do not know of *one* that has enabled RSVP Authentication for MPLS. Several have said that RSVP Authentication is impractical to enable because of the absence of suitable key management. This has come up in hallway conversations with operators at RIPE and NANOG in the past. More recently, I've heard complaints about this aspect of RSVP informally from certain parts of the US Government. This issue is not unique to RSVP. For example, BGP Authentication (or RIPv2 Authentication) faces similar challenges where we have a suitable authentication mechanism, but the absence of suitable key management is one of several reasons that BGP Authentication has somewhat limited deployment. If one looks at the RIPv2 Authentication document (either the original one or the latest one), then one will see that this key management issue for RIP is carefully described -- along with suggestions for how the IETF might be able to fill that gap in future. If the authors think that suitable key management exists for RSVP in this usage, it would be VERY helpful to document that in the SECURITY CONSIDERATIONS for this draft, so that operators who choose to deploy this mechanism know how to do it. Alternately, and more likely in my view, they should at least clearly document this key management issue/gap with RSVP for this usage in the SECURITY CONSIDERATIONS section. If they think a reasonable algorithm exists, by all means add a citation to REFERENCES and mention that in SECURITY CONSIDERATIONS as a possible future approach. In the case of RIPv2, RIP packets are typically sent via IP multicast to a special IP multicast group. So if/when IETF has a key management protocol for multicast applications (there is, I believe, the MSEC WG on this -- and both RFC-2094 and RFC-2095 give reasonable hope that it is a tractable problem), then RIP can use that approach. OSPF's situation is essentially the same as RIP, since both use IP multicasting to reserved multicast groups. In the case of RSVP, packets are sent along a path, but the actual path members are dynamic. It is unclear to me that a key management strategy even exists for this sort of deployment. Maybe, and one would have to give it a lot more thought, one could use a public-key scheme along with a PKI (holding an incoming RSVP packet for the relatively long time a key management protocol transaction would take likely has adverse consequences for the flow being signalled). If the authors think such a strategy really exists, it would be helpful to mention it and perhaps add a citation or two in the REFERENCES section. >> A practical >> to deploy key management strategy is not apparent to me right now >> for RSVP Authentication. RSVP Auth keys need to be placed in all >> of the devices along a dynamic and *changing* flow path, so it is >> much harder to pre-position manual keys along the whole path. >> By contrast, OSPF and RIP have a well-defined and static set of >> legitimate participating routers, so one can pre-position manual keys >> in all of those OSPF/RIP routers (and that has been commonly done >> in numerous enterprise networks using OSPFv2 Auth or RIPv2 Auth). > > Well, in environments where RSVP is deployed on all routers of a convex cloud, using pre-positioned keys for RSVP seems very similar to using pre-positioned keys for OSPF/RIP. I think pre-positioning keys with RSVP only gets more tricky in environments where you have non-RSVP routers in between RSVP routers. See above. This analysis is flawed in that both RIP and OSPF use special-purpose IP multicast groups, so they can use MSEC's multicast key management. RSVP does not use multicast, so it is not obvious that it can use multicast key management. > But in any case, most of this discussion about general applicability of RSVP Authentication seems beyond the scope of this particular document. Not at all. If we have an issue with a security mechanism and some protocol extension relies on that security mechanism, then the issue remains unresolved for the usage in the extension document and also should be clearly documented in the extension document's SECURITY CONSIDERATIONS. > The one point I can see which is specific to this document, is that the aggregation mechanisms used here rely on the Aggregator to send an E2E Path message into the Aggregation region without knowing ahead of time which Deaggregator will be used. This aspect is already discussed in the document, which also mentions that one possible solution then is to use the same key across all Aggregators/Deaggregators. Since we don't have a way to actually manage keys, it isn't clear that this is any more practical than the general case, though it is good that it is already mentioned. > BTW, Pratik Bose, Fred Baker and I, plan to submit a document proposing a method for IPsec protection of RSVP which could be used in many RSVP environments, including the ones of generic aggregate RSVP. This may offer an alternative approach to the security concern discussed in previous paragraph. But this is future work, and need not be referenced from that document. At least the existence of the current real-world issues that make it hard for a deployment to be secured should be fully documented in the SECURITY CONSIDERATIONS. It might, depending on the IESG's views, be reasonable to add a paragraph to SECURITY CONSIDERATIONS outlining the general concept that the 3 folks names above have in mind for key management and indicate that this is one possible future direction. As Steve Bellovin would be very quick to point out, "just use IPsec" is not always a very credible answer. I am the original author of AH and ESP; I co-chaired the IPsec WG for a while. In this case, the issue is not so much how to use AH/ESP with RSVP, which might be what is meant by the quoted text above, but how would one manage the keys. It is not at all clear that a hybrid Diffie-Hellman scheme, such as ISAKMP/IKE, can be used in an RSVP deployment such as is described here. This is UNLIKE the case with RIP or OSPF, which use multicast for their messages, where there are published techniques for multicast key management (RFC-2093, RFC-2094, and a wider number in the open cryptographic literature) and there has been an IETF MSEC WG actually developing multicast key management for IETF use. It seems that if one looks through the above, at a bare minimum significant new text (on several different topics) is needed in this document's SECURITY CONSIDERATIONS section. Yours, Ran rja@extremenetworks.com -- Magnus Westerlund IETF Transport Area Director & TSVWG Chair ---------------------------------------------------------------------- Multimedia Technologies, Ericsson Research EAB/TVA/A ---------------------------------------------------------------------- Ericsson AB | Phone +46 8 4048287 Torshamsgatan 23 | Fax +46 8 7575550 S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [Tsvwg] IETF LC comments on draft-ietf-tsvwg-rsvp… Magnus Westerlund
- [Tsvwg] Re: IETF LC comments on draft-ietf-tsvwg-… Francois Le Faucheur IMAP
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Magnus Westerlund
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Magnus Westerlund
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Francois Le Faucheur IMAP
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Francois Le Faucheur IMAP
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… Francois Le Faucheur IMAP
- Fwd: [Tsvwg] Re: IETF LC comments on draft-ietf-t… Francois Le Faucheur
- Re: [Tsvwg] Re: IETF LC comments on draft-ietf-ts… RJ Atkinson