[Dime] Secdir last call review of draft-ietf-dime-group-signaling-13

Catherine Meadows via Datatracker <noreply@ietf.org> Tue, 26 January 2021 16:56 UTC

From: Catherine Meadows via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: dime@ietf.org, draft-ietf-dime-group-signaling.all@ietf.org, last-call@ietf.org
Reply-To: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Date: Tue, 26 Jan 2021 08:56:18 -0800
Message-ID: <161168017872.21141.3982625411769831365@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/F20fZhxCzHK33yyWiCB5ZPQ2BBo>
Subject: [Dime] Secdir last call review of draft-ietf-dime-group-signaling-13

Reviewer: Catherine Meadows
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft presents the commands a Diameter node could use to communicate with
multiple Diameter sessions simultaneously.  The Security Considerations
section mentions two issues.  One is that the use of bulk commands
increases the ease of implementing certain types of DoS attacks, because a
single command, e.g. to terminate a session, could affect multiple sessions
instead of just one.  The other is that current security mechanisms employed
by Diameter do not enforce end-to-end security, and so make it difficult to
trust information received from non-adjacent nodes.  Work is ongoing on
end-to-end security for Diameter, so it is premature to address end-to-end
security in this document, which instead relies on available security

I think this is a reasonable summary of the security considerations.  Since
end-to-end security for Diameter is a work in progress, it would be premature
to attempt to address it in this document.  I consider this document Ready.