1. Transport Layer Security (TLS) in TWAMP? New Mode for Control Protocol
Al Morton
November 9, 2008
2. Background
Security measures were controversial for OWAMP and (quickly revisited for) TWAMP.
A compromise was reached (AES in CBC and ECB modes with HMAC for integrity protection).
Key aspect of the “*WAMPs”: packet loss is possible in the Test protocol, and there is no retransmit.
OWAMP Security Considerations discuss why TLS is unsuitable in the TEST protocol.
RFC 4656 (OWAMP) requires the TEST protocol mode to inherit the CONTROL protocol mode.
3. Enter TWAMP
Desire to add a Mixed-Security Mode: Encrypted Control, Unauthenticated Test
Uses the current methods: AES-CBC & HMAC
draft-ietf-ippm-more-twamp-00 @ WGLC?
Running TWAMP-Test in the clear frees resources; Encrypted Control is still valuable.
Question:
Do implementers see value in adopting TLS for the TWAMP-Control protocol?
(With TWAMP-Test in the clear)
4. TLS Mode Investigation
The NETCONF WG has reached consensus on a similar effort: NETCONF over TLS, draft-ietf-netconf-tls
Requests a new TCP well-known port
NETCONF Manager acts as the TLS client
NETCONF Agent listens as the TLS server
The TLS Handshake (HS) begins with the Manager/client sending a TLS ClientHello
After the TLS HS, NETCONF data is exchanged
5. Modes Allowed with TLS

----------------------------------------------------
Protocol |        Permissible Mode Combinations
----------------------------------------------------
Control  | Unauth.   | Encrypted | TLS
----------------------------------------------------
         | Unauth.   | Unauth.   | Unauth.
Test     |           | Auth.     |
         |           | Encrypted |
----------------------------------------------------
6. TLS Mode Feature (well-known port)

Control-Client (C-C)      Server
      |---------->|   TCP SYN (862)
      |<----------|   SYN-ACK
      |---------->|   ACK
      |<----------|   Server Greeting (TLS-Mode Feature, bit ? set)
      |---------->|   Set-Up-Response (mod)
      |<--------->|   TLS Handshake
      |<----------|   Server Start (mod)
7. Modes Field Assignment for TLS

Value | Description                                  | Reference/Explanation
------+----------------------------------------------+-------------------------------
0     | Reserved                                     |
1     | Unauthenticated                              | RFC 4656, Section 3.1
2     | Authenticated                                | RFC 4656, Section 3.1
4     | Encrypted                                    | RFC 4656, Section 3.1
8     | Unauth. TEST protocol, Encrypted CONTROL     | more-twamp memo (Section 3)
------+----------------------------------------------+-------------------------------
?     | TLS CONTROL protocol, Unauth. TEST protocol  | new bit position (?)
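Added illustration, not code from the presentation or from any TWAMP implementation: a small Python mode-negotiation helper that reads the Modes field of an RFC 4656 Server Greeting, picks the first client-preferred mode the server advertises, and refuses Control/Test pairings outside the "Modes Allowed with TLS" table. The TLS bit position (bit 4 here), the Server Greeting layout offsets, the "authenticated" row of the pairing table and the sample greeting are assumptions; the deck itself leaves the TLS bit position open.

```python
import struct

# Modes-field bit values from RFC 4656 section 3.1 and the more-twamp memo.
MODE_UNAUTHENTICATED = 1
MODE_AUTHENTICATED = 2
MODE_ENCRYPTED = 4
MODE_MIXED = 8          # Encrypted CONTROL, unauthenticated TEST (more-twamp)
MODE_TLS = 1 << 4       # ASSUMED placeholder: the deck leaves the TLS bit position as "?"

# (Control security, Test security) implied by each mode value; the TLS
# proposal always runs TWAMP-Test in the clear.
MODE_SECURITY = {
    MODE_UNAUTHENTICATED: ("unauthenticated", "unauthenticated"),
    MODE_AUTHENTICATED:   ("authenticated",   "authenticated"),
    MODE_ENCRYPTED:       ("encrypted",       "encrypted"),
    MODE_MIXED:           ("encrypted",       "unauthenticated"),
    MODE_TLS:             ("tls",             "unauthenticated"),
}

# Permissible Control/Test pairings from the "Modes Allowed with TLS" table;
# the "authenticated" row is assumed from the RFC 4656 inheritance rule.
PERMITTED = {
    "unauthenticated": {"unauthenticated"},
    "authenticated":   {"authenticated"},
    "encrypted":       {"unauthenticated", "authenticated", "encrypted"},
    "tls":             {"unauthenticated"},
}

def parse_greeting_modes(greeting: bytes) -> int:
    """Modes field of an RFC 4656 Server Greeting: 12 unused octets, then 4-octet Modes."""
    if len(greeting) < 16:
        raise ValueError("short Server Greeting")
    return struct.unpack("!I", greeting[12:16])[0]

def choose_mode(advertised: int, preference: list) -> int:
    """Return the first client-preferred mode the server advertises whose Control/Test
    pairing is permitted, or 0 (mode 0 in the Set-Up-Response means the client will not continue)."""
    for mode in preference:
        if advertised & mode:
            control, test = MODE_SECURITY[mode]
            if test in PERMITTED.get(control, set()):
                return mode
    return 0

# Constructed 64-octet Server Greeting advertising Unauth., Encrypted, Mixed and the assumed TLS bit.
SAMPLE_GREETING = (b"\x00" * 12
                   + struct.pack("!I", MODE_UNAUTHENTICATED | MODE_ENCRYPTED | MODE_MIXED | MODE_TLS)
                   + b"\x00" * 48)
```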
8. TLS Mode Feature (new port)

Control-Client (C-C)      Server
      |---------->|   TCP SYN (86x)
      |<----------|   SYN-ACK (TLS Mode)
      |---------->|   ACK
      |---------->|   TLS ClientHello
      |<--------->|   TLS Handshake
      |<----------|   Server Greeting (only new features, bits Y,Z set)
      |---------->|   Set-Up-Response (mod)
      |<----------|   Server Start (mod)
9. Summary
A way to use TLS on the TWAMP-Control protocol is “out there”; we can probably count on the SEC community to help.
But do we start on this n-year mission?
Many issues are raised in Section 6.6 of OWAMP.
Will implementers/users see this as a valuable alternative to what we have now?
Is this anybody’s “Ideal TWAMP”?
Are there other questions we should ask?
Let’s talk about it, now and on the list…
10. Backup
11. Security Modes MUST Match
RFC 4656 (OWAMP) requires the TEST protocol mode to match the CONTROL protocol mode:
“All OWAMP-Test sessions that are spawned by an OWAMP-Control session inherit its mode.”
Maybe clarify with a MUST in Errata…