Page 1: Transport Layer Security (TLS) in TWAMP? New Mode for Control Protocol

Al Morton

November 9, 2008

Page 2: Background

Security measures were controversial for OWAMP and (quickly revisited for) TWAMP

A compromise was reached (AES in CBC and ECB modes with HMAC for integrity protection).

Key aspect of the “*WAMPs”: packet loss possible in Test protocol, no retransmit

OWAMP Security Considerations discuss why TLS is unsuitable in TEST protocol

RFC 4656 OWAMP requires TEST protocol mode to inherit the CONTROL protocol mode.

Page 3: Enter TWAMP

Desire to add Mixed-Security Mode

Encrypted Control, Unauthenticated Test

Uses current methods AES-CBC & HMAC

draft-ietf-ippm-more-twamp-00 @ WGLC?

Running TWAMP Test in clear frees resources, Encrypted Control still valuable

Question: Do implementers see value in adopting TLS for the TWAMP-Control protocol? (With TWAMP-Test in the clear)

Page 4: TLS Mode Investigation

The NETCONF wg has reached consensus on a similar effort

NETCONF over TLS: draft-ietf-netconf-tls

Requests a new TCP well-known port

NETCONF Manager acts as TLS client

NETCONF Agent listens as TLS server

TLS Handshake (HS) begins with Manager/client sending TLS ClientHello

After TLS HS, exchange NETCONF data

Page 5: Modes Allowed with TLS

-----------------------------------------------
Protocol | Permissible Mode Combinations
-----------------------------------------------
Control  | Unauth.   | Encrypted | TLS
-----------------------------------------------
         | Unauth.   | Unauth.   | Unauth.
Test     |           | Auth.     |
         |           | Encrypted |
-----------------------------------------------

Page 6: TLS Mode Feature (w-k port)

C-C                  Server
 |---------->|  TCP SYN (862)
 |<----------|  SYN-ACK
 |---------->|  ACK
 |<----------|  Server Greeting (TLS-Mode Feature, bit ? set)
 |---------->|  Set-Up-Response (mod)
 |<--------->|  TLS Handshake
 |<----------|  Server Start (mod)

Page 7: Modes Field Assignment for TLS

Value  Description                    Reference/Explanation
0      Reserved
1      Unauthenticated                RFC4656, Section 3.1
2      Authenticated                  RFC4656, Section 3.1
4      Encrypted                      RFC4656, Section 3.1
8      Unauth. TEST protocol,         more-twamp memo (3)
       Encrypted CONTROL
-------------------------------------------------------------
??     TLS CONTROL protocol,          new bit position (?)
       Unauth. TEST protocol
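As an added example (not from the slides or any TWAMP implementation), the mode assignments above and the combination table on page 5 expressed in Python: each Modes value fixes one Control/Test pairing, so the permissible-combination table is exactly the set of assigned values. The TLS bit value is an assumed placeholder, since the slides leave it as "??".

```python
"""Added example, not from the slides: map TWAMP-Control Modes values to the
CONTROL/TEST protection pair they imply and pick the Set-Up-Response mode."""
import struct

# Modes field values from the "Modes Field Assignment for TLS" slide.
MODE_UNAUTHENTICATED = 1   # RFC 4656, Section 3.1
MODE_AUTHENTICATED = 2     # RFC 4656, Section 3.1
MODE_ENCRYPTED = 4         # RFC 4656, Section 3.1
MODE_MIXED = 8             # Encrypted CONTROL, Unauth. TEST (more-twamp memo)
MODE_TLS = 1 << 4          # ASSUMED placeholder: the slides leave this bit as "??"

# Each value fixes a (CONTROL protection, TEST protection) pair; these pairs are
# the cells of the "Modes Allowed with TLS" table on page 5.
PAIRING = {
    MODE_UNAUTHENTICATED: ("unauth", "unauth"),
    MODE_AUTHENTICATED: ("encrypted", "auth"),
    MODE_ENCRYPTED: ("encrypted", "encrypted"),
    MODE_MIXED: ("encrypted", "unauth"),
    MODE_TLS: ("tls", "unauth"),
}


def decode_modes(word):
    """Split the 4-byte Modes word of a Server Greeting into the mode values offered."""
    (bits,) = struct.unpack("!I", word)
    return {mode for mode in PAIRING if bits & mode}


def permitted_test_modes(control):
    """TEST protections reachable from one CONTROL protection (one table column)."""
    return {test for ctl, test in PAIRING.values() if ctl == control}


def select_mode(word, control, test):
    """Pick the single mode value a client puts in Set-Up-Response for the wanted
    CONTROL/TEST pair, or 0 when the server does not offer it (RFC 4656: a zero
    Mode means the client does not continue)."""
    offered = decode_modes(word)
    for mode, pair in PAIRING.items():
        if pair == (control, test) and mode in offered:
            return mode
    return 0


if __name__ == "__main__":
    # Constructed Server Greeting Modes word: Unauth. + Mixed offered.
    greeting_modes = bytes([0, 0, 0, MODE_UNAUTHENTICATED | MODE_MIXED])
    print(sorted(decode_modes(greeting_modes)))            # [1, 8]
    print(select_mode(greeting_modes, "encrypted", "unauth"))  # 8
```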

Page 8: TLS Mode Feature (new port)

C-C                  Server
 |---------->|  TCP SYN (86x)
 |<----------|  SYN-ACK (TLS Mode)
 |---------->|  ACK
 |---------->|  TLS ClientHello
 |<--------->|  TLS Handshake
 |<----------|  Server Greeting (Only New Features, bits Y,Z set)
 |---------->|  Set-Up-Response (mod)
 |<----------|  Server Start (mod)

Page 9: Summary

A way to use TLS on TWAMP-Control protocol is “out there”; can probably count on SEC community to help

But do we start on this n-year mission? Many issues raised in section 6.6 of OWAMP

Will implementers/users see this as a valuable alternative to what we have now? Is this anybody’s “Ideal TWAMP”?

Are there other questions we should ask? Let’s talk about it, now and on the list…

Page 10: Backup

Page 11: Security Modes MUST Match

RFC4656 OWAMP requires TEST to match the CONTROL protocol.

“All OWAMP-Test sessions that are spawned by an OWAMP-Control session inherit its mode.”

Maybe clarify with a MUST in Errata…