1 / 13

Rserpool Security

Rserpool Security. Maureen Stillman November 10, 2003 maureen.stillman@nokia.com. Design Team objectives. Last call on i-d draft-ietf-rserpool-threats-01.txt Received some comments and updated document Add directives from Transport Area Directors

garan
Download Presentation

Rserpool Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Rserpool Security Maureen Stillman November 10, 2003 maureen.stillman@nokia.com

  2. Design Team objectives • Last call on i-d draft-ietf-rserpool-threats-01.txt • Received some comments and updated document • Add directives from Transport Area Directors • Document said use either TLS or IPsec for ENRP-PE communications • AD directive to choose between TLS and IPsec • Generate security considerations sections for ASAP and ENRP

  3. PE - ENRP and ENRP-ENRP security • Asked at IETF #57 and on list: IPsec or TLS? • Consensus is for TLS • Drafts altered for TLS as mandatory to implement for: • PE-ENRP communications • ENRP-ENRP communications • Using TLS • MUST support TLS with SCTP as described in RFC 3436 or TLS over TCP as described in RFC 2246

  4. PU Authenticates ENRP server • Consensus reached • TLS would be used by the PU to authenticate the ENRP server (mandatory to implement) • Other methods of authentication are optional • TLS was deemed mandatory to implement for reasons of interoperability

  5. Rserpool Security Architecture using TLS PU PU authentication, integrity authentication, integrity Mutual authentication, integrity ENRP Server ENRP Server PE Mutual authentication, integrity Mutual authentication, integrity PE

  6. ENRP mixed security database PE A pool “foo” ENRP PE B pool “foo” PE C pool “foo” PE D pool “foo” ENRP foo Database PE A,C – secure PE B, D – not secure

  7. Mixed data base issues • Need to mark PE registrations – some have used security to register others not • When a PU requests a list, does it get the mixed list or one or the other? • Makes implementation more complex • Consensus reached – mixed database not allowed; either all secure or all not secured

  8. TLS ports – 1 port or 2 ports?2 port solution IANA assigns two ports for ENRP PE ENRP PE Register with ENRP using TLS

  9. TLS ports – 1 port or 2 ports?1 port solution IANA assigns one port only PE ENRP PE First send unsecured message with upgrade to TLS request; MITM can refuse upgrade; Fix: Protocol change to ASAP to request upgrade; can’t be rejected by ENRP

  10. Ports received - success • We received advice from Jon Peterson and Eric Rescorla • Both endorse the 2 port and one port solutions • We have asked IANA and received the following ports: • TCP 3863, 3864 • UDP 3863, 3864 • SCTP ????

  11. Securing the control channel • Two options • Data channel only • Control and data -- We have decided to multiplex the data and control channel • When the data channel is secured, the control channel is as well due to the multiplex • If data is not secured, neither is the control • Consensus reached that this is adequate for secruing the control channel

  12. Issue: TLS cipher suite • TLS has dozens of ciphersuites specified • Client and server perform a handshake to determine cipher suite • If they have no overlap; then communication is not possible • Usually specify a mandatory to implement ciphersuite to get around this problem • Suggestion is TLS_RSA_WITH_AES_128_CBC_SHA mandatory; TLS_RSA_WITH_3DES_EDE_CBC_SHA recommended • What about the option to not encrypt? • Some questions about this on the mailing list

  13. Next steps – declare victory! • Need to update text to include all issues • security considerations section or elsewhere in ASAP/ENRP • Please review the security considerations section of ASAP and ENRP • Thanks for being a part of the security design team!

More Related