Re: [mpls] Secdir telechat review of draft-ietf-mpls-lsp-ping-lag-multipath-06

Linda Dunbar <linda.dunbar@huawei.com> Fri, 08 March 2019 22:45 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A02BF127876; Fri, 8 Mar 2019 14:45:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yos0_6JmSp-q; Fri, 8 Mar 2019 14:45:46 -0800 (PST)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1D4D1277E7; Fri, 8 Mar 2019 14:45:46 -0800 (PST)
Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 16812D6118D746E1CF55; Fri, 8 Mar 2019 22:45:44 +0000 (GMT)
Received: from SJCEML702-CHM.china.huawei.com (10.208.112.38) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 8 Mar 2019 22:45:43 +0000
Received: from SJCEML521-MBS.china.huawei.com ([169.254.2.29]) by SJCEML702-CHM.china.huawei.com ([169.254.4.10]) with mapi id 14.03.0415.000; Fri, 8 Mar 2019 14:45:41 -0800
From: Linda Dunbar <linda.dunbar@huawei.com>
To: Linda Dunbar via Datatracker <noreply@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org" <draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: Secdir telechat review of draft-ietf-mpls-lsp-ping-lag-multipath-06
Thread-Index: AQHU1dNnxc5hRAyYl0CHKWsrtsDdC6YCUnoQ
Date: Fri, 8 Mar 2019 22:45:40 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F66B2EE17E@sjceml521-mbs.china.huawei.com>
References: <155206570582.3202.12517909943780959477@ietfa.amsl.com>
In-Reply-To: <155206570582.3202.12517909943780959477@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.47.125.10]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/SYf9zlt2pa-I1ZCi4kLpMIlGG44>
Subject: Re: [mpls] Secdir telechat review of draft-ietf-mpls-lsp-ping-lag-multipath-06
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2019 22:45:49 -0000

Need to modify my review comments:

Reviewer: Linda Dunbar
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other last call comments.

The described mechanism for LSP Multipath Ping is very clear.
The authors have added the text to address my comments to the 05 version on why there is no security risks of intermediate LSRs tampering data when the LSP Multipath Ping & response are traversing through. 

Linda Dunbar

-----Original Message-----
From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Linda Dunbar via Datatracker
Sent: Friday, March 08, 2019 11:22 AM
To: secdir@ietf.org
Cc: mpls@ietf.org; draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org; ietf@ietf.org
Subject: Secdir telechat review of draft-ietf-mpls-lsp-ping-lag-multipath-06

Reviewer: Linda Dunbar
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other last call comments.

The document provides the detailed explanation of SR-MPLS processing in addition to RFC 8402. Since SR-MPLS are in the trusted domain, it is assumed that there is no malicious attacks to the nodes for the data plane and control plane.  RFC8402 already has the good description on the Security Consideration for both SR-MPLS & SRv6.

Best Regards,
Linda Dunbar