Re: SECDIR review of draft-ietf-forces-model-14
"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 18 September 2008 20:42 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9B6A43A6B17; Thu, 18 Sep 2008 13:42:49 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAE3E3A69EF; Thu, 18 Sep 2008 13:42:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.832
X-Spam-Level:
X-Spam-Status: No, score=-2.832 tagged_above=-999 required=5 tests=[AWL=0.767, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EmuV2kAM1sPy; Thu, 18 Sep 2008 13:42:41 -0700 (PDT)
Received: from hermes.mail.tigertech.net (hermes.mail.tigertech.net [64.62.209.72]) by core3.amsl.com (Postfix) with ESMTP id C75C73A6A3E; Thu, 18 Sep 2008 13:42:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 089611C40F5F; Thu, 18 Sep 2008 13:42:52 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at hermes.tigertech.net
Received: from [10.10.10.100] (pool-71-161-51-162.clppva.btas.verizon.net [71.161.51.162]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by hermes.tigertech.net (Postfix) with ESMTP id F305C1C40F59; Thu, 18 Sep 2008 13:42:50 -0700 (PDT)
Message-ID: <48D2BD3F.6030001@joelhalpern.com>
Date: Thu, 18 Sep 2008 16:42:39 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: Richard Barnes <rbarnes@bbn.com>
Subject: Re: SECDIR review of draft-ietf-forces-model-14
References: <48D2AF62.3090605@bbn.com>
In-Reply-To: <48D2AF62.3090605@bbn.com>
Cc: SECDIR <secdir@mit.edu>, IETF Discussion <ietf@ietf.org>, IESG <iesg@ietf.org>, draft-ietf-forces-model@tools.ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Thanks Richard. It is heartening that someone from another aspect of the community can read and understand the document. I will await instructions from the ADs as to whether some text on the degree of control a lying FE can exercise while misleading the CE (almost unlimited) is a helpful thing to add to the security considerations section. Again, thank you fro the effort and the comment, Joel Richard Barnes wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This document describes an information model for describing forwarding > elements within the ForCES framework. In this model, forwarding > elements are constructed as a network of Logical Functional Blocks with > a well-defined interconnection topology. The document seems > functionally complete and consistent. > > The document defines an XML syntax for describing FE capabilities and > states. This structure (in some semanticaly equivalent encoding) will > be the basis for such descriptions within the ForCES protocol. Section > 7 makes clear that FE descriptions constructed according to this model > will be used to communicate FE topology information for several purposes. > > Given that attacks on this information while en route between ForCES > entities are dealt with in RFC 3746, what seems to me to be missing here > is a discussion of what risks an entity can introduce by > mis-constructing a model, i.e., by communicating false information > within the protocol. For example, could an FE prevent a CE from > controlling certain LFBs by omitting them from the topology it reports? > Some discussion of these risks would be helpful. > > Overall, however, I think this document adequately addresses relevant > security concerns. > > --Richard > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- SECDIR review of draft-ietf-forces-model-14 Richard Barnes
- Re: SECDIR review of draft-ietf-forces-model-14 Joel M. Halpern