RE: secdir review of draft-ietf-dime-priority-avps-04
Stephen Hanna <shanna@juniper.net> Tue, 26 July 2011 15:38 UTC
Return-Path: <shanna@juniper.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC22311E8119; Tue, 26 Jul 2011 08:38:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HQI0Aw571ayk; Tue, 26 Jul 2011 08:38:10 -0700 (PDT)
Received: from exprod7og117.obsmtp.com (exprod7og117.obsmtp.com [64.18.2.6]) by ietfa.amsl.com (Postfix) with ESMTP id 91D0D11E80C1; Tue, 26 Jul 2011 08:38:06 -0700 (PDT)
Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob117.postini.com ([64.18.6.12]) with SMTP ID DSNKTi7fWAplrDKZcwv+XK39HNvdC/SXbGVU@postini.com; Tue, 26 Jul 2011 08:38:10 PDT
Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.2.254.0; Tue, 26 Jul 2011 08:34:29 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Tue, 26 Jul 2011 11:34:28 -0400
From: Stephen Hanna <shanna@juniper.net>
To: "carlberg@g11.org.uk" <carlberg@g11.org.uk>
Date: Tue, 26 Jul 2011 11:34:27 -0400
Subject: RE: secdir review of draft-ietf-dime-priority-avps-04
Thread-Topic: secdir review of draft-ietf-dime-priority-avps-04
Thread-Index: AcxLhoMMZuNcnDQsSYq5r0pigpKbWQAApa0w
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB674517339@EMBX01-WF.jnpr.net>
References: <20110726104135.13472eudbij0eaqs@portland.eukhosting.net> <AC6674AB7BC78549BB231821ABF7A9AEB674516F2B@EMBX01-WF.jnpr.net> <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
In-Reply-To: <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "lionel.morand@orange-ftgroup.com" <lionel.morand@orange-ftgroup.com>, "draft-ietf-dime-priority-avps.all@tools.ietf.org" <draft-ietf-dime-priority-avps.all@tools.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 15:38:11 -0000
Every RFC author has an obligation to explain in the Security Considerations section what security issues are likely to arise when this specification is used and how those issues may be addressed. You can refer to other RFCs if you like but you cannot ignore the issues or just give a hand wave. Let me give a specific example. If a user is able to ensure that their phone calls always get the highest SIP-Resource-Priority, their calls will always go through, even during a disaster. This will benefit the user so they have an incentive to do it. However, it may damage the collective if calls from emergency responders are overridden. For this reason, protection against active MITM attacks SHOULD be employed when using Priority AVPs. If you can find an extant RFC that covers the relevant Security Considerations for your document, you can point to it and say that readers should review it because the security considerations for this draft are contained there. But you must perform a serious security analysis for your document if you want it to be accepted as an RFC. If the answer is that there are no security considerations, that's fine. You can say that. But in this case, that's clearly not the case. You raised the concern that documents may need to highlight security issues with underlying protocols upon which they depend. That is true. If you're depending on a protocol that has a serious security problem that's relevant to your document, you should explain that problem or point to a document that does so. If the problem is not relevant to your document, no problem. One need not consider every possible security issue, just the ones that are most relevant to your document. In your case, there are real security issues particular to conveying priority AVPs over Diameter. You should explain what those considerations are or point to documents that do so. As for MIBs, take a look at some recent ones and you will see that they do contain good Security Considerations sections. For example, see RFC 5834 and RFC 6240. If you'd like to learn more about how to write a good Security Considerations section, read RFC 3552. Or ask a security expert to help you. If you can't be bothered to think about security, you might as well withdraw your draft from consideration. Thanks, Steve > -----Original Message----- > From: carlberg@g11.org.uk [mailto:carlberg@g11.org.uk] > Sent: Tuesday, July 26, 2011 7:24 AM > To: Stephen Hanna > Cc: ietf@ietf.org; secdir@ietf.org; draft-ietf-dime-priority- > avps.all@tools.ietf.org; lionel.morand@orange-ftgroup.com > Subject: RE: secdir review of draft-ietf-dime-priority-avps-04 > > Steve, > > > Quoting Stephen Hanna <shanna@juniper.net>: > > > Thanks for your response, Ken. > > > > Removing the last sentence that you quoted would make things worse. > > Readers of this draft should definitely familiarize themselves with > > the security considerations related to priority. We should make that > > easier, not harder. The fact that those considerations also apply to > > other RFCs does not remove the fact that they apply to this one also. > > but those considerations do not directly apply to DIAMETER. > > > You cannot publish a document whose security considerations section > > says (as this one effectively does today), "There are lots of > security > > considerations related to this document. To understand them, please > > dig through all the referenced documents and figure it out yourself." > > Doing that digging and analysis is the job of the document editors. > > agreed, speaking in the general sense. But again, the security > considerations of these other protocols do not apply to the operation > of Diameter. > > > In order to ease the burden on you, I think a reasonable compromise > > would be for YOU to review the documents referenced and decide which > > have the most relevant security considerations. Then you could list > > those explicitly in the last paragraph of the Security > Considerations. > > I'm concerned about the implications of your recommendation. If we > extend this position to other work in the IETF, then efforts like > defining MIBs would mean that each MIB draft would need to perform a > security considerations analysis of each protocol that an objects > refers to in the context of SNMP. And one can extend the argument > that each protocol operating on top of TCP (and/or UDP) and IP would > need to perform an analysis on how TCP/UDP and IP may affect the upper > layer protocol. We don't do that today. > > cheers, > > -ken >
- re: secdir review of draft-ietf-dime-priority-avp… carlberg
- RE: secdir review of draft-ietf-dime-priority-avp… Stephen Hanna
- RE: secdir review of draft-ietf-dime-priority-avp… carlberg
- RE: secdir review of draft-ietf-dime-priority-avp… lionel.morand
- RE: secdir review of draft-ietf-dime-priority-avp… Stephen Hanna
- RE: secdir review of draft-ietf-dime-priority-avp… lionel.morand
- RE: [secdir] secdir review of draft-ietf-dime-pri… David Harrington