[secdir] Secdir review of draft-ietf-spring-oam-usecase-06

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 30 June 2017 13:10 UTC

From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: draft-ietf-spring-oam-usecase.all@ietf.org, iesg@ietf.org, secdir@ietf.org
Date: Fri, 30 Jun 2017 22:10:42 +0900
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/27CV6c71yCOyhNr0xtoQzEXxaiI>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area
directors.

Document editors and WG chairs should treat these comments just like any
other last call comments.

 

[General summary]

This document has small nits.

 

[Clarification Questions]

In the "Security Considerations" section, the draft says that "some
fundamental MPLS security properties need to be discussed."

It would be nicer if you could elaborate more details of the "properties" in
the section or put some reference that describes the details.

 

The "Security Considerations" section in RFC 4379 says, "Overall, the
security needs for LSP ping are similar to those of ICMP" and elaborates
issues such as DoS attack and spoofing.

Is the proposed MPLS monitoring system free from these issues?

Since this draft discusses the path monitoring system in comparison with RFC
4379 from time to time, it would be nice if these security issues are also
addressed. (Indeed, I could not find the term "denial" in this document at
all.)

 

Thank you.

Take