Quick and Dirty Secure Autonomic Control Plane for GRASP
draft-carpenter-anima-quads-grasp-03

Document Type Active Internet-Draft (individual)
Last updated 2020-06-28
Network Working Group                                    B. E. Carpenter
Internet-Draft                                         Univ. of Auckland
Intended status: Informational                              29 June 2020
Expires: 31 December 2020

        Quick and Dirty Secure Autonomic Control Plane for GRASP
                  draft-carpenter-anima-quads-grasp-03

Abstract

   A secure substrate known as the Autonomic Control Plane (ACP) is
   required by the Generic Autonomic Signaling Protocol (GRASP) used by
   Autonomic Service Agents.  This document describes QUADS, a QUick And
   Dirty Secure ACP using symmetric cryptography and preconfigured keys
   or passwords.  It also describes a simplistic QUADS Key
   Infrastructure based on asymmetric cryptography used over insecure
   instances of GRASP to create a QUADS ACP.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 31 December 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Carpenter               Expires 31 December 2020                [Page 1]
Internet-Draft             QUADS ACP for GRASP                 June 2020

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  QUick And Dirty Security ACP Method . . . . . . . . . . . . .   3
   3.  QUick And Dirty Security Key Infrastructure . . . . . . . . .   3
   4.  Implementation Status [RFC Editor: please remove] . . . . . .   6
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   8
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Appendix A.  Change log [RFC Editor: Please remove] . . . . . . .   9
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   As defined in [I-D.ietf-anima-reference-model], the Autonomic Service
   Agent (ASA) is the atomic entity of an autonomic function, and it is
   instantiated on autonomic nodes.  When ASAs communicate with each
   other, they should use the Generic Autonomic Signaling Protocol
   (GRASP) [I-D.ietf-anima-grasp].  It is essential that such
   communication is strongly secured to avoid malicious interference
   with the Autonomic Network Infrastructure (ANI).

   For this reason, GRASP must run over a secure substrate that is
   isolated from regular data plane traffic.  This substrate is known as
   the Autonomic Control Plane (ACP).  A method for constructing an ACP
   at the network layer is described in
   [I-D.ietf-anima-autonomic-control-plane].  Scenarios for link layer
   ACPs are discussed in [I-D.carpenter-anima-l2acp-scenarios].  The
   present document describes a simple method of forming an ACP
   immediately above the transport layer, known as QUADS (QUick And
   Dirty Security) ACP for GRASP.

   It also describes a simplistic key infrastructure known as QUADSKI,
   using asymmetric cryptography embedded in GRASP objectives used over
   insecure instances of GRASP.


2.  QUick And Dirty Security ACP Method

   Every GRASP message, whether unicast or multicast, is encrypted
   immediately before transmission, and decrypted immediately after
   reception, using the same symmetric encryption algorithm and domain-
   wide shared keys.  This applies to all unicast and multicast messages
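   The per-message seal and open step just described, as an added example in
   Go that is not part of the draft or of any GRASP implementation: it
   assumes AES-GCM as the symmetric algorithm (the text above names none), a
   32-byte preconfigured domain key, and a constructed byte string standing
   in for a CBOR-encoded GRASP message.  Derivation of a key from a
   preconfigured password is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Domain-wide shared key preconfigured on every QUADS node.
// Constructed 32-byte sample value for this example, not from the draft.
var domainKey = []byte("quads-example-domain-key-32bytes")

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // assumption: AES-GCM as the algorithm
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one GRASP message immediately before transmission, unicast
// or multicast alike, since every domain member holds the same key.
// Wire format (assumed): nonce || ciphertext+tag, fresh random nonce per message.
func Seal(key, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, msg, nil), nil
}

// Open decrypts immediately after reception.  A datagram not sealed under
// the domain key, or modified in flight, fails authentication and is dropped.
func Open(key, wire []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(wire) < ns+aead.Overhead() {
		return nil, errors.New("quads: datagram too short")
	}
	return aead.Open(nil, wire[:ns], wire[ns:], nil)
}

func main() {
	msg := []byte{0x85, 0x09, 0x1a, 0x00, 0x01, 0x23, 0x45} // constructed stand-in for CBOR
	wire, _ := Seal(domainKey, msg)
	plain, err := Open(domainKey, wire)
	fmt.Printf("recovered=%x err=%v\n", plain, err)
}
```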