IETF 85 KARP WG 11/5/12

I Preliminaries

- Stewart Bryant: IPR is terribly bad when stated late
- Stewart Bryant has a question on Sam Hartman's draft (draft-ietf-karp-ospf-analysis-06), will get answer shortly

II Presentations

- karp operations model -- Sam Hartman
  * good discussions and feedback, useful updates made
  * recovering from failure is a challenge because we need to put keys on the new router and sometimes update everyone else's hash of the (new) public key. Key recovery can be done many ways but some have harder operational challenges than others. SIDR has some ideas on this.
    Russ Housley Q: working with SIDR, have to be able to load keys from central site, have to consider time to recovery. Concerned about your comment about storing USB keys nearby
    A: from Randy Bush's draft, that's not what his draft says.
    Q: I disagree, now you have to worry about key storage device failing.
    A: we need to have that fight between us and you and SIDR
    Wes Hardaker Q: SIDR has been careful to make concerns meet requirements (?), if you are concerned about sending keys across your network then address those concerns
    A: there's text that talks about higher security options, things are different though, could be a PKI or a PSK
    Russ Housley Q: Uhm no. Abstractly, true, but... there's generating a keypair, getting pubkey to ca, ca signing the key, getting the cert into some repository, etc
    A: but cert can be sent inline with KMP
    Q: but we're following the SIDR model
    A: The last 2 parts aren't true, so the certificates can be sent as part of the KMP. Following the SIDR, all I'm talking about is whether or not you can stick them on a USB stick.
    Q: we also need to consider multicast and we can't shove the cert in all those packets.
    A: all multicast proposals support what I'm saying
    Q: worry we're gonna exceed ethernet packet size
    A: that's OK. Need to have that discussion in the specific KMP protocol discussion
    Q: just not happy with blanket statement "we have it solved"
    A: of course
  * following the SIDR work is good. Have a best practices
    Uma Chunduri Q: I've gone through the SIDR draft, and you're saying that we'll make both options available, right?
    A: not quite but it falls out from what I'm saying
  * some BGP deployments group configs together, makes it easier to deploy. Can cause problems when transitioning to TCP-AO.
  * Desire to maintain tcp-md5 and tcp-ao at the same time for operational reasons.
    Brian Weis Q: choice of using -md5 or -ao is a higher level decision. You're really talking about changing security of the deployed protocol, right?
    A: political discussion about who
    Acee Lindem Q: why is equipment failure tied to changing credentials? These should be 2 independent events. Possible to change equipment without changing credential.
    A: are you bringing us back to the original discussion?
    Q: well... that discussion implies that you need to change your keys.
    A: you may want to replace the same psk
    Russ Housley Q: not really
    A: There's the issue of equipment failure, and the issue of BGP failing.
    Acee Lindem Q: assumed that failure makes you lose all state
    A: if you didn't lose your state and the state wasn't compromised then move on
    Uma Chunduri Q: in the case of -md5 to -ao change that implies a software upgrade, right?
    A: using -ao means new software but it's assumed that it'll be there when people want to use it
    Q: this is a 2 step process then, upgrade and transition
    A: yes
    Russ Housley Q: 3 steps, and add key for -ao
    A: yes
  Sam Hartman asks for show of hands to see whether this is something we need to look into: 5 yes, 0 no, Russ Housley says "lots of ambivalence"
  Sam Hartman asks whether people who've read it think it's reasonably close? No response

- KARP IS-IS security gap analysis - Uma Chunduri
  * quick recap, presented in Taipei and Paris
  * current state of key usage, threat analysis, all routers in the same area need the same key (???), analyzed spoofing attacks, ..., how to transition is important
  * addressed issues in -01 and -02 and -03 versions
  * requests WG adoption of draft

- Analysis of BFD Security - Mahesh Jethanandani
  * Why BFD? It's used today and if it can be attacked it can bring down the routing protocol
  * BFD is vulnerable to a few attacks....
  * 5 auth mechanisms for securing BFD control, each has some weaknesses
  * issues with inter-session replay attack
  * new auth requirements have impacts
  * makes recommendations
  * requests WG adoption of draft

- TCP Auth Option w/IKEv2 - Dacheng Zhang
  * want to integrate IKEv2 with TCP-AO, not generate a kmp for pairwise routing protocols, extends SA payload
  * new protocol-- TCP-AO-- in transform sub-payload, 2 new MAC algs for new protocol, new type of transform to say whether options are protected too
  * -ao keyid is sent in spi field of proposal
  * use new protocol id in notify and delete payloads
    Uma Chunduri Q: you included work of my draft but there are changes, and my draft specifies 2 things, ..., we're discussing how IKEv2 places the keys, want to make sure we're on the same page
    A (Brian Weis): that's a discussion we need to have
  Brian Weis asks: does this seem reasonable. Yes.

- Simplified Peer Authentication - Uma Chunduri
  * wants to minimize usage of password-based auth and to move from manual keys to a kmp
  * possible auth methods-- symmetric key, asymmetric key, EAP
  * use of raw keys would be advantageous
    Tero Kivinen Q: draft doesn't specify the fingerprint, it's how you send the whole key in the CERT payload
    A: I named your draft because you specify how to use it and that's useful
  * generating fingerprints
    Tero Kivinen Q: hard to parse this in a certificate request. You should use raw public key format, not X.509. No need to encode it as X.509 ever, just use it as raw public key. We can use SubjectPublicKeyInfo in the raw key itself to identify
    A: that's what I'm doing
  * how to publish fingerprints
  * how to revoke a fingerprint-- problematic
    Dan Harkins Q: you asked if there's something between symmetric psk and asymmetric. You also mention EAP. Don't do EAP. But there's also 3 diff protocols to do secure psk authentication that are resistant to dictionary attack. Might consider using one of those.
    A: goal is to avoid shared keys
    Tero Kivinen Q: the problem is that shared keys are never changed.
    A: yes thank you
  Brian Weis asks Sam Hartman if this draft works with his and Dacheng Zhang's draft. Sam says yes. Cert fingerprints or key fingerprints doesn't matter, just need to pick one.