[pcp] Genart LC review: draft-ietf-pcp-anycast-06
Robert Sparks <rjsparks@nostrum.com> Thu, 04 June 2015 19:20 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C2CF1A8961; Thu, 4 Jun 2015 12:20:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PnGevU2AO7NZ; Thu, 4 Jun 2015 12:20:35 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D25601A895E; Thu, 4 Jun 2015 12:20:35 -0700 (PDT)
Received: from unnumerable.local (pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80]) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t54JKZMw049333 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK); Thu, 4 Jun 2015 14:20:35 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80] claimed to be unnumerable.local
Message-ID: <5570A4FE.6070600@nostrum.com>
Date: Thu, 04 Jun 2015 14:20:30 -0500
From: Robert Sparks <rjsparks@nostrum.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: General Area Review Team <gen-art@ietf.org>, pcp@ietf.org, "ietf@ietf.org" <ietf@ietf.org>, draft-ietf-pcp-anycast@ietf.org
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/Hu7eZSBqqYf7GX_BJfLU8D6oNE0>
Subject: [pcp] Genart LC review: draft-ietf-pcp-anycast-06
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2015 19:20:37 -0000
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-pcp-anycast-06 Reviewer: Robert Sparks Review Date: 04Jun15 IETF LC End Date: 11Jun15 IESG Telechat date: Not yet scheduled Summary: On the right track, but has issues that should be discussed This draft reads easily, but there are a few things that might need more attention. It could be that these have been beaten to death already, but if so, it would be better if the document gave pointers to places where others with the questions wouldn't be left wondering. Issues: 1) The document recommends hard-coding these addresses into applications. In the spirit (at least) of BCP 105 (RFC4085), shouldn't the recommendation be more "have their configuration set by default to this well known value"? 2) Section 3 punts on some really hard things that deserve more discussion in this document, or this document should point to a good discussion elsewhere. It's fine that the document doesn't solve the synchronization or coordination problems it hints at, but it should make it more clear that these problems will exist, and are important to consider when deploying a new node that joins this anycast address. In particular, without careful synchronization and coordination, applications like VoIP using PCP controlled resources will be disrupted. The current text really does not convey that message. 3) Aren't there some new security issues with just having the well-known address? At a minimum, it's an attractive target, and the guidance in 18.3.1 of RFC6887 may be particularly relevant. More subtly, would it make it easier to construct packets that look enough like PCP to be disruptive to send from compromised nodes participating in a DDos Attack from inside an administrative domain? Would it make it easier for an attacker that has partially compromised a host influence the firewall between him and that host, making finishing the compromise even easier? (Especially compared to a PCP server that was configured at the client that wasn't just the default router). 4) It would help to expand on the 3rd paragraph of section 5.2. In very simple scenarios (like having a home router start responding to this address), it's easy to see the tradeoffs between automatic configuration and securing the pcp commands. But it would help if the document talked through the consequences of not using pcp-authentication in more complex environments (using something like a departmentalized university, or several distinct administrative domains behind a common CGN as an example perhaps?)
- [pcp] Genart LC review: draft-ietf-pcp-anycast-06 Robert Sparks
- [pcp] Genart Telechat review: draft-ietf-pcp-anyc… Robert Sparks