[secdir] secdir review of draft-ietf-ospf-dynamic-hostname

Samuel Weiler <weiler+secdir@watson.org> Thu, 02 July 2009 05:13 UTC

Date: Thu, 02 Jul 2009 01:13:23 -0400
From: Samuel Weiler <weiler+secdir@watson.org>
To: secdir@ietf.org, iesg@ietf.org, ospf-chairs@tools.ietf.org, draft-ietf-ospf-dynamic-hostname@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG. These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.


The dynamic hostname TLV is an optional in-band mechanism to provide 
human-friendly symbolic names that map to router IDs.

The security considerations section 1) encourages the use of OSPF 
authentication and 2) calls out the grand fun possible if a 
misconfigured or compromised router sends bad mappings.  While that's 
probably less fun than could be had from just sending bad routing 
data, it adds an extra level of complexity to the debugging when these 
new symbolic names, as shown in config and debugging tools, don't 
match the expected router IDs.  But I'm not sure anything more really 
needs to be said here.

Resource exhaustion, as raised by Robert Sparks, looks to be a 
possibility, but I could go either way on whether it's worth adding 
words about it specifically -- do we need to call out the potential 
for resource exhaustion for every field in every protocol?

I'd let the doc go as-is.

-- Sam