Re: [Dime] Murray Kucherawy's No Objection on draft-ietf-dime-group-signaling-13: (with COMMENT)

Marco Liebsch <Marco.Liebsch@neclab.eu> Wed, 24 February 2021 15:16 UTC

From: Marco Liebsch <Marco.Liebsch@neclab.eu>
To: Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-dime-group-signaling@ietf.org" <draft-ietf-dime-group-signaling@ietf.org>, "dime-chairs@ietf.org" <dime-chairs@ietf.org>, "dime@ietf.org" <dime@ietf.org>, "jounikor@gmail.com" <jounikor@gmail.com>
Date: Wed, 24 Feb 2021 15:15:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/P0UAkFvME11NHzfiJECleRmm7eA>

Thanks a lot for your review and comments, Murray. Please see inline [ml] for our feedback.


-----Original Message-----
From: Murray Kucherawy via Datatracker <noreply@ietf.org> 
Sent: Tuesday, 2 February 2021 02:41
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dime-group-signaling@ietf.org; dime-chairs@ietf.org; dime@ietf.org; jounikor@gmail.com
Subject: Murray Kucherawy's No Objection on draft-ietf-dime-group-signaling-13: (with COMMENT)

Murray Kucherawy has entered the following ballot position for
draft-ietf-dime-group-signaling-13: No Objection



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dime-group-signaling/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I agree with Barry's editorial suggestions.

What does the "*)" in the table in Section 3.3 mean?

[ml] Thanks for spotting this. It's actually a leftover from a removed remark (editor's note) that we had in past revisions. We'll remove the tag from the table in revision 14.   


From Section 10:

   [...]  if the Diameter client or server is
   compromised, an attacker could launch DoS attacks by terminating a
   large number of sessions with a limited set of commands using the
   session group management concept.

Is it worth mentioning that an attacker could also mess with the set of sessions associated with a group, possibly causing disruptions other than bulk session terminations?

[ml] Yes, it's a valid scenario during an attack, too. We propose the following extension to the existing text to cover your proposal:

“..if the Diameter client or server is compromised, an attacker could launch DoS attacks by terminating or applying change operations 
to a large number of sessions with a limited set of commands using the session group management concept.” 

marco