Authentication and Confidentiality in Protocol Independent Multicast Sparse Mode (PIM-SM) Link-Local Messages
draft-ietf-pim-sm-linklocal-10

[Ballot discuss]
Given the known limitations of manual keying, and the limitations of current automated keying
methods for routing protocols, I am comfortable with manual keying being the mandatory to
implement method.  However, we are about to form a wg with the goal of developing practical
automated key management for routing protocols.

I think it would be prudent to specify the "unique Security Association for each peer" method
(method one in Section 8, as described in Figure 2 and paragraph 2 of section 8) as
SHOULD implement.  Implementations that support this method will be more amenable to
migrating from manual keying to automated keying.

[Ballot discuss]
The document says:

o  PIM-SM packets that fail the confidentiality checks MUST be
  silently discarded, although an implementation is RECOMMENDED to
  maintain a counter of such packets.  Note: this is an auditable
  event as described in RFC 4302 [RFC4302] and RFC 4303 [RFC4303].

What is the "confidentiality check"? Is this a copy-paste-error from
the authentication text few lines above, or do you have some specific
requirement on what kind of an ESP SA needs to be used? But the SPD
and SAD already define the requirements on those, so its not clear
to me why you have to say anything additional.

[Ballot discuss]
The document says:

o  PIM-SM packets that fail the confidentiality checks MUST be
  silently discarded, although an implementation is RECOMMENDED to
  maintain a counter of such packets.  Note: this is an auditable
  event as described in RFC 4302 [RFC4302] and RFC 4303 [RFC4303].

What is the "confidentiality check"? Is this a copy-paste-error from
the authentication few lines above, or do you have some specific
requirement on what kind of an ESP SA needs to be used? But the SPD
and SAD already define the requirements on those, so its not clear
to me why you have to say anything additional.

[Ballot comment]
4.  Authentication

  Implementations conforming to this specification MUST support
  authentication for PIM-SM link-local messages.  Implementations
  conforming to this specification MUST support HMAC-SHA1.

A reference to the document that defines authentication using HMAC-SHA1
would be very helpful here.
And BTW, did you mean HMAC-SHA1-96 mentioned in RFC 4835?

5.  Confidentiality

  Implementations conforming to this specification SHOULD support
  confidentiality for PIM-SM.  Implementations supporting
  confidentiality MUST support AES-CBC with a 128-bit key.

As above.

Here is the write-up.

> (1.a) Who is the Document Shepherd for this document? Has the
> Document Shepherd personally reviewed this version of the
> document and, in particular, does he or she believe this
> version is ready for forwarding to the IESG for publication?

Stig Venaas, yes.

> (1.b) Has the document had adequate review both from key WG members
> and from key non-WG members? Does the Document Shepherd have
> any concerns about the depth or breadth of the reviews that
> have been performed?

The document has been reviewed by several WG members and by SecDir.

> (1.c) Does the Document Shepherd have concerns that the document
> needs more review from a particular or broader perspective,
> e.g., security, operational complexity, someone familiar with
> AAA, internationalization or XML?

No

> (1.d) Does the Document Shepherd have any specific concerns or
> issues with this document that the Responsible Area Director
> and/or the IESG should be aware of? For example, perhaps he
> or she is uncomfortable with certain parts of the document, or
> has concerns whether there really is a need for it. In any
> event, if the WG has discussed those issues and has indicated
> that it still wishes to advance the document, detail those
> concerns here. Has an IPR disclosure related to this document
> been filed? If so, please include a reference to the
> disclosure and summarize the WG discussion and conclusion on
> this issue.

No

> (1.e) How solid is the WG consensus behind this document? Does it
> represent the strong concurrence of a few individuals, with
> others being silent, or does the WG as a whole understand and
> agree with it?

Unfortunately we got no responses on the WG mailing list to the last
call of the document. The chairs believe this is because the draft
really is about IPsec and there seems to be limited expertise on that
in the WG. At the WG meeting in San Francisco (shortly after the WGLC
ended), we asked the room whether people thought it should be sent to
the IESG. We had 4 in favor, none against.

> (1.f) Has anyone threatened an appeal or otherwise indicated extreme
> discontent? If so, please summarise the areas of conflict in
> separate email messages to the Responsible Area Director. (It
> should be in a separate email because this questionnaire is
> entered into the ID Tracker.)

No

> (1.g) Has the Document Shepherd personally verified that the
> document satisfies all ID nits? (See
> http://www.ietf.org/ID-Checklist.html and
> http://tools.ietf.org/tools/idnits/). Boilerplate checks are
> not enough; this check needs to be thorough. Has the document
> met all formal review criteria it needs to, such as the MIB
> Doctor, media type and URI type reviews?

Yes. The idnits tool has a couple of warnings on pre-rfc5378 and an
obsolete reference, but this is intentional.

> (1.h) Has the document split its references into normative and
> informative? Are there normative references to documents that
> are not ready for advancement or are otherwise in an unclear
> state? If such normative references exist, what is the
> strategy for their completion? Are there normative references
> that are downward references, as described in [RFC3967]? If
> so, list these downward references to support the Area
> Director in the Last Call procedure for them [RFC3967].

Split: Yes
Downref: No

> (1.i) Has the Document Shepherd verified that the document IANA
> consideration section exists and is consistent with the body
> of the document? If the document specifies protocol
> extensions, are reservations requested in appropriate IANA
> registries? Are the IANA registries clearly identified? If
> the document creates a new registry, does it define the
> proposed initial contents of the registry and an allocation
> procedure for future registrations? Does it suggest a
> reasonable name for the new registry? See [RFC5226]. If the
> document describes an Expert Review process has Shepherd
> conferred with the Responsible Area Director so that the IESG
> can appoint the needed Expert during the IESG Evaluation?

No IANA actions.

> (1.j) Has the Document Shepherd verified that sections of the
> document that are written in a formal language, such as XML
> code, BNF rules, MIB definitions, etc., validate correctly in
> an automated checker?

Yes, no formal language

> (1.k) The IESG approval announcement includes a Document
> Announcement Write-Up. Please provide such a Document
> Announcement Write-Up? Recent examples can be found in the
> "Action" announcements for approved documents. The approval
> announcement contains the following sections:
>
> Technical Summary

RFC 4601 mandates the use of IPsec to ensure authentication of the
link-local messages in the Protocol Independent Multicast - Sparse
Mode (PIM-SM) routing protocol. This document specifies mechanisms
to authenticate the PIM-SM link-local messages using the IP security
(IPsec) Encapsulating Security Payload (ESP) or (optionally) the
Authentication Header (AH). It specifies optional mechanisms to
provide confidentiality using the ESP. Manual keying is specified as
the mandatory and default group key management solution. To deal
with issues of scalability and security that exist with manual
keying, an optional support for automated group key management
mechanism is provided. However, the procedures for implementing
automated group key management are left to other documents. This
document updates RFC 4601.

> Working Group Summary

Due to limited IPsec expertise in the PIM wg, there was limited
input from the wg on this document.

> Document Quality

We are not aware of any implementations, although one is planned
for the summer 2009. The document had substantial improvements from
a SecDir review by Brian Weis.