Re: [secdir] sec-dir review of draft-ietf-forces-lfb-lib-10.txt

Joel Halpern <joel.halpern@ericsson.com> Thu, 31 January 2013 22:14 UTC

From: Joel Halpern <joel.halpern@ericsson.com>
To: Derek Atkins <derek@ihtfp.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Thu, 31 Jan 2013 22:14:56 +0000
Cc: "wmwang@zjsu.edu.cn" <wmwang@zjsu.edu.cn>, "ogawa.kentaro@lab.ntt.co.jp" <ogawa.kentaro@lab.ntt.co.jp>, "chuanhuang_li@zjsu.edu.cn" <chuanhuang_li@zjsu.edu.cn>, "forces-chairs@tools.ietf.org" <forces-chairs@tools.ietf.org>, "ehalep@ece.upatras.gr" <ehalep@ece.upatras.gr>
Subject: Re: [secdir] sec-dir review of draft-ietf-forces-lfb-lib-10.txt

Would a pointer to 5810 (the ForCES Protocol RFC, which defines how these things are manipulated) help?
The LFBs here are not different from any other LFBs which affect device behavior.  Yes, manipulating them can cause problems.  That's why the protocol has security mechanisms.
(I probably should have caught that and made sure there was such a reference.)
Do we need more than that?

Yours,
Joel

> -----Original Message-----
> From: Derek Atkins [mailto:derek@ihtfp.com]
> Sent: Thursday, January 31, 2013 5:04 PM
> To: iesg@ietf.org; secdir@ietf.org
> Cc: forces-chairs@tools.ietf.org; wmwang@zjsu.edu.cn; ehalep@ece.upatras.gr; ogawa.kentaro@lab.ntt.co.jp; chuanhuang_li@zjsu.edu.cn; Joel Halpern
> Subject: sec-dir review of draft-ietf-forces-lfb-lib-10.txt
> 
> Hi,
> 
> I have reviewed this document as part of the security 
> directorate's ongoing effort to review all IETF documents 
> being processed by the IESG.  These comments were written 
> primarily for the benefit of the security area directors.  
> Document editors and WG chairs should treat these comments 
> just like any other last call comments.
> 
>    This document defines basic classes of Logical Function Blocks (LFBs)
>    used in the Forwarding and Control Element Separation (ForCES).  The
>    basic LFB classes are defined according to ForCES FE model and ForCES
>    protocol specifications, and are scoped to meet requirements of
>    typical router functions and considered as the basic LFB library for
>    ForCES.  The library includes the descriptions of the LFBs and the
>    XML definitions.
> 
> The Security Considerations section offloads itself to RFC3746.
> 
> It is unclear to me if any of the new functions defined in 
> the LFB need any additional authentication or authorization, 
> and if so I do not see how that would be added.
> 
> -derek
> 
> -- 
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>