re: secdir review of draft-ietf-dime-priority-avps-04

carlberg@g11.org.uk Tue, 26 July 2011 10:41 UTC

To: shanna@juniper.net
Cc: lionel.morand@orange-ftgroup.com, draft-ietf-dime-priority-avps.all@tools.ietf.org, ietf@ietf.org, secdir@ietf.org

Hi Steve,

Thanks for the review.

<snip>

> This standards track document defines Diameter AVPs that can be
> used to convey a variety of priority parameters. While the Security
> Considerations section of this document properly requires that
> implementers review the Security Considerations section in the
> Diameter protocol specification and consider the issues described
> there, it does not include any analysis of the specific security
> issues related to priority systems. The authors should review other
> Security Considerations sections relating to priority systems
> (e.g. the one in RFC 4412) and add text that describes the
> special security issues that arise with priority systems and
> the countermeasures that may be employed.

You raise an interesting issue and we actually had a discussion about this on the DIME list:
<http://www.ietf.org/mail-archive/web/dime/current/msg04773.html>

And just for the sake of completeness, here is the security considerations text of the dime-priority-avps draft in question:

    This document describes the extension of Diameter for conveying Quality
    of Service information.  The security considerations of the Diameter
    protocol itself have been discussed in [I-D.ietf-dime-rfc3588bis].  Use
    of the AVPs defined in this document MUST take into consideration the
    security issues and requirements of the Diameter base protocol.

    The authors also recommend that readers should familiarize themselves
    with the security considerations of the various protocols listed in
    the Normative References listed below.

In a nutshell, the authors and the chair disagreed with the need for extending the security considerations to include an analysis with other protocols (e.g., RFC 4412) because these protocols operate outside of the DIAMETER protocol. The dime-priority-avps draft is an extension of I-D.ietf-dime-rfc3588bis, and thus is subject to the same security considerations as the bis draft. And it's also important to keep in mind that the dime-priority-avps draft does not inject prioritization into the exchange of DIAMETER messages. It simply defines AVPs that correlate to some priority fields of other protocols.

If it was the last sentence (above) in the dime-priority-avps security considerations that triggered your comment about further analysis, then I'd prefer just removing that text.

cheers,

-ken