secdir review of draft-ietf-tsvwg-ecn-mpls-02.txt
Tom Yu <tlyu@MIT.EDU> Fri, 19 October 2007 02:45 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IihrG-0004yp-VQ; Thu, 18 Oct 2007 22:45:06 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IihrF-0004ui-6O for ietf@ietf.org; Thu, 18 Oct 2007 22:45:05 -0400
Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IihrA-0002N6-OK for ietf@ietf.org; Thu, 18 Oct 2007 22:45:01 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id l9J2im1L012323; Thu, 18 Oct 2007 22:44:49 -0400 (EDT)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id l9J2ij3F028963 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 18 Oct 2007 22:44:46 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id l9J2ijkv013416; Thu, 18 Oct 2007 22:44:45 -0400 (EDT)
To: secdir@mit.edu, ietf@ietf.org, bsd@cisco.com, bob.briscoe@bt.com, tsvwg-chairs@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 18 Oct 2007 22:44:45 -0400
Message-ID: <ldvmyufhlgi.fsf@cathode-dark-space.mit.edu>
Lines: 40
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Scanned-By: MIMEDefang 2.42
X-Spam-Flag: NO
X-Spam-Score: 0.00
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Cc:
Subject: secdir review of draft-ietf-tsvwg-ecn-mpls-02.txt
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
This is a review of draft-ietf-tsvwg-ecn-mpls-02.txt. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I am not very familiar with MPLS or Diffserv, but I did read some of the cited MPLS and ECN references in order to understand this document. I mostly agree with the claim in the Security Considerations that this proposal introduces no additional vulnerabilities. However, although this document indicates that using a RFC3540 ECN nonce to detect misbehaving receivers continues to work under this proposal, a RFC3540 nonce can also be used to detect disruption of the end-to-end continuity of ECN signaling. This proposal can compromise the detection of disruptions of end-to-end ECN signaling continuity which occur within a given MPLS domain. I lack the context to determine whether this is a serious problem. The procedure described in RFC3540 relies on the existence of two distinct ECT indications to convey a single bit's worth of nonce data to the receiving transport endpoint. This proposal functionally uses only a single bit to indicate a CM state. If a malicious or malfunctioning element within the MPLS domain clears a CM state set by some LSR, the egress LSR will not set the CE state in the unencapsulated IP packet. Consequently, the receiving transport endpoint acts as if the packet did not have a CE state marked at all, and the sending transport endpoint receives no indication that a problem exists with end-to-end ECN signaling. In effect, the MPLS domain behaves as a single black box router from the perspective of RFC3540, masking any ECN signaling anomalies internal to the MPLS domain. This may be an acceptable consequence of this proposal, but it would be useful to know whether this consequence has been considered. ---Tom _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf