Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-sfc-serviceid-header-10
Robert Sparks <rjsparks@nostrum.com> Mon, 26 October 2020 22:45 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 678343A1056; Mon, 26 Oct 2020 15:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.275, NICE_REPLY_A=-0.247, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BkUl04wGmull; Mon, 26 Oct 2020 15:45:32 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D99173A1050; Mon, 26 Oct 2020 15:45:28 -0700 (PDT)
Received: from unescapeable.local ([47.186.30.41]) (authenticated bits=0) by nostrum.com (8.16.1/8.16.1) with ESMTPSA id 09QMjRm1050062 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 26 Oct 2020 17:45:27 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1603752328; bh=3mzNJxJzwkf2XnjSyW3RLAMPfYoR1vgyRtPtX7RpR5k=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=AT4hW8roATTsUoAywxB2vRJgJspdIbyCTxn72sWLDpP9qDh+9wknKDOZVsVAoMXe+ BNOj090RnH0KACurkXXeZOVT5kV/Mq4qEqttrIqIJbaHMiF2IymhrCk4KfjCM0Ruif w6qqELN+gUCzHnRupEG8ucvsEWCAX1QK7chm+JEw=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.30.41] claimed to be unescapeable.local
To: secdir@ietf.org
Cc: draft-ietf-sfc-serviceid-header.all@ietf.org, sfc@ietf.org, last-call@ietf.org
References: <160375112449.28199.4653147392736464602@ietfa.amsl.com>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <a8e254e6-377e-3825-4713-3acc33a77b55@nostrum.com>
Date: Mon, 26 Oct 2020 17:45:26 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Thunderbird/78.4.0
MIME-Version: 1.0
In-Reply-To: <160375112449.28199.4653147392736464602@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-XsSn6pmKvPa_f3gcOeQi7oMXZA>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-sfc-serviceid-header-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2020 22:45:36 -0000
Heh - one typo correction below (that might have been obvious, but...) On 10/26/20 5:25 PM, Robert Sparks via Datatracker wrote: > Reviewer: Robert Sparks > Review result: Has Nits > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These comments > were written primarily for the benefit of the security area directors. Document > editors and WG chairs should treat these comments just like any other last call > comments. > > This document has nits that should be addressed before publication as Proposed > Standard RFC. > > Document reviewed: draft-ietf-sfc-serviceid-header-10 > > This document's security considerations rest on the premise that the > information it discusses will be added, transported, consumed, and removed > within a single administrative domain that is protected from eavesdroppers and > malicious on-path attackers through administrative controls. It is quite > upfront about that assumption, and the sfc documents it relies on make the same > assertions. > > This document introduces a mechanism that intentionally allows identifiers > (addresses) that would normally be hidden/contained behind a nat to be shared > beyond that nat, but again, within that single administrative domain. > > NITS: > > There are many places where the language in the document needs to be > simplified. There are also many places where 2119 language is being used in a > way that does not make sense. > > In document order: > > Introduction paragraph 2, sentence 1. What does it mean to infer enforcement? > Perhaps you mean "policies can be inferred"? Please simplify this sentence. > Break the example into a separate sentence and add detail if you can. If > possible, provide a reference to what you mean by "SFC-based differentiated > traffic policies" means. > > Introduction paragraph 3. This whole paragraph has complicated, paragraph That last word should have been "comma" > separated, phrases that should be written more simply. The next to last > sentence (at 53 words) is particularly hard to follow. > > Introduction paragraph 4, last sentence. This sentence does not parse. Please > rework it. > > Introduction paragraph 5. This one sentence paragraph was the most difficult in > the document for me to read. Please break it into several simpler sentences. > > Section 3: at "In order to prevent interoperability issues, the data and their > format to be injected in such header SHOULD be configured to nodes authorized > to inject such headers." This is not a 2119 SHOULD. It's even not clear what > "the data" is here. I suggest something like "The identifiers carried in the > Context Headers are opaque. Nodes providing them and consuming them will be > configured with the necessary information needed see into them." > > Section 3, at "Failures to inject such headers SHOULD be logged locally while a > notification alarm MAY be sent to a Control Element. The details of sending > notification alarms (i.e., the parameters affecting the transmission of the > notification alarms depend on the information in the Context Header such as > frequency, thresholds, and content of the alarm (full header, timestamp, etc.)) > SHOULD be configurable." None of these are correct use of 2119. Consider > re-framing the paragraph without using these terms. > > Section 3 at "That is, to strip such Context Headers." is not a sentence. > > Section 3 at the paragraph beginning "Depending on local policy". The structure > of this paragraph is very odd. Doesn't base SFC say to preserve NSH at > intermediaries? I suggest replacing this paragraph with something like "Normal > SFC intermediary behavior preserves Network Service Headers. Local policy can > require a proxy to strip ..." > > Section 3 at "NSH-aware SFs MUST be capable to run additional validation > checks". This isn't 2119. Perhaps you mean to say "Be aware that local policies > may require running additional validation checks at NSH-aware SFs". The whole > paragraph can be simplified. > > Section 3 at "Multiple Subscriber Identifier Context Headers MAY be present in > the NSH, each carrying a distinct opaque value but all pointing to the same > subscriber." This is a place where a 2119 MUST _would_ make sense. Say "Such > multiple headers MUST identify the same subscriber". I wonder, though, if > you're closing a door on carrying multiple identities that you'll regret later. > > Section 4 first paragraph, first sentence: I suggest replacing "identifier is" > with "identifiers are" > > Section 4 fifth paragraph: "defined as optional" -> "defined as an optional" > > Section 4 sixth paragraph. Similar to the section 3 paragraph I point to above, > the structure here is very odd. Again, I suggest something like "Normal SFC > intermediaries will preserve Context Headers, but local policy may require a > proxy to to strip one after processing it." > > Section 4 seventh paragraph: "ocnlficting"->"conflicting". I assume the default > behavior described here is specified in the base NSH docs? > > Security Considerations section paragraph 4: Consider "logging the content of > ... is not advised" rather than using 2119 here. The paragraph would be better > formulated if it explained the risk - SFs that _did_ use the context might be > better off not logging them in many cases as well. > > >
- [secdir] Secdir last call review of draft-ietf-sf… Robert Sparks via Datatracker
- Re: [secdir] [Last-Call] Secdir last call review … Robert Sparks
- Re: [secdir] [Last-Call] Secdir last call review … mohamed.boucadair
- Re: [secdir] [Last-Call] Secdir last call review … Robert Sparks
- Re: [secdir] [Last-Call] Secdir last call review … mohamed.boucadair