Rserpool Security

1
Rserpool Security

• Maureen Stillman
• November 10, 2003
• maureen.stillman_at_nokia.com

2
Design Team objectives

• Last call on i-d draft-ietf-rserpool-threats-01.tx
  t
• Received some comments and updated document
• Add directives from Transport Area Directors
• Document said use either TLS or IPsec for ENRP-PE
  communications
• AD directive to choose between TLS and IPsec
• Generate security considerations sections for
  ASAP and ENRP

3
PE - ENRP and ENRP-ENRP security

• Asked at IETF 57 and on list IPsec or TLS?
• Consensus is for TLS
• Drafts altered for TLS as mandatory to implement
  for
• PE-ENRP communications
• ENRP-ENRP communications
• Using TLS
• MUST support TLS with SCTP as described in RFC
  3436 or TLS over TCP as described in RFC 2246

4
PU Authenticates ENRP server

• Consensus reached
• TLS would be used by the PU to authenticate the
  ENRP server (mandatory to implement)
• Other methods of authentication are optional
• TLS was deemed mandatory to implement for reasons
  of interoperability

5
Rserpool Security Architecture using TLS
PU
PU
authentication, integrity
authentication, integrity
Mutual authentication, integrity
ENRP Server
PE
ENRP Server
Mutual authentication, integrity
Mutual authentication, integrity
PE
6
ENRP mixed security database
PE A pool foo
ENRP
PE B pool foo
PE C pool foo
PE D pool foo
ENRP foo Database PE A,C secure PE B, D not
secure
7
Mixed data base issues

• Need to mark PE registrations some have used
  security to register others not
• When a PU requests a list, does it get the mixed
  list or one or the other?
• Makes implementation more complex
• Consensus reached mixed database not allowed
  either all secure or all not secured

8
TLS ports 1 port or 2 ports?2 port solution
IANA assigns two ports for ENRP
PE
ENRP
PE
Register with ENRP using TLS
9
TLS ports 1 port or 2 ports?1 port solution
IANA assigns one port only
PE
ENRP
PE
First send unsecured message with upgrade to TLS
request MITM can refuse upgrade Fix Protocol
change to ASAP to request upgrade cant be
rejected by ENRP
10
Ports received - success

• We received advice from Jon Peterson and Eric
  Rescorla
• Both endorse the 2 port and one port solutions
• We have asked IANA and received the following
  ports
• TCP 3863, 3864
• UDP 3863, 3864
• SCTP ????

11
Securing the control channel

• Two options
• Data channel only
• Control and data -- We have decided to multiplex
  the data and control channel
• When the data channel is secured, the control
  channel is as well due to the multiplex
• If data is not secured, neither is the control
• Consensus reached that this is adequate for
  secruing the control channel

12
Issue TLS cipher suite

• TLS has dozens of ciphersuites specified
• Client and server perform a handshake to
  determine cipher suite
• If they have no overlap then communication is
  not possible
• Usually specify a mandatory to implement
  ciphersuite to get around this problem
• Suggestion is TLS_RSA_WITH_AES_128_CBC_SHA
  mandatory TLS_RSA_WITH_3DES_EDE_CBC_SHA
  recommended
• What about the option to not encrypt?
• Some questions about this on the mailing list

13
Next steps declare victory!

• Need to update text to include all issues
• security considerations section or elsewhere in
  ASAP/ENRP
• Please review the security considerations section
  of ASAP and ENRP
• Thanks for being a part of the security design
  team!