Re: [secdir] Secdir review of draft-ietf-sidr-bgpsec-threats-06
Stephen Kent <kent@bbn.com> Mon, 30 September 2013 16:39 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85DAA21F8B07; Mon, 30 Sep 2013 09:39:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F-tMen3L0s5t; Mon, 30 Sep 2013 09:39:01 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 9977C21F8E21; Mon, 30 Sep 2013 09:39:01 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:44650 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VQgUr-000FHa-6m; Mon, 30 Sep 2013 12:38:57 -0400
Message-ID: <5249A91F.6020003@bbn.com>
Date: Mon, 30 Sep 2013 12:38:55 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
References: <A95B4818FD85874D8F16607F1AC7C628EA86FF@xmb-rcd-x09.cisco.com>
In-Reply-To: <A95B4818FD85874D8F16607F1AC7C628EA86FF@xmb-rcd-x09.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: The IESG <iesg@ietf.org>, "draft-ietf-sidr-bgpsec-threats-06.all@tools.ietf.org" <draft-ietf-sidr-bgpsec-threats-06.all@tools.ietf.org>, "<secdir@ietf.org>" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-sidr-bgpsec-threats-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 16:39:07 -0000
Joe, > Some issues: > > 1. I found it difficult to link the threats in section 3 to the attacks in section 4. This is more of a consistency of terminology issue and is probably just a nit. There is not 1-to-1 correspondence between threats and attacks. So, for each attacks in Section 4, there may be more than one threat that is motivated and capable of effecting the attack. > 2. The attacks in sections 4.1, 4.2, and 4.3 seem to be largely discounted as out of scope, yet they seem to impact the goals of PATHSEC. Is it assumed that there are countermeasures in place such as link protection between RGP peers? If other countermeasures besides PATHSEC are expected to be in place this should probably be mentioned in the security considerations. The text in 4.1, 4.2, and 4.3 does not say that those attacks are out of scope. In 4.1, there is little text because the attacks are not specific to the RPKI/PATHSEC context. Countermeasures are generic for IP and TCP layer attacks, as noted in the requirements doc. In 4.2 and 4.3 we give a number of examples of these classes of attacks, which is what this doc is intended to do. (Recall, it is not a requirements doc.) > 3. I found the argument against not including 'route leakage' a bit weak since the documents seems to be able to define what it means. Wouldn't 'route leakage' be a mechanism to realize one or more of the threats in section 3? There is not yet an accepted definition of route leak that represents a violation of BGP specs. The GROW WG is supposed to look into this issue. If it develops a suitable proposal, then IDR may elect to modify the BGP spec to address the concern. If IDR does so, SIDR's charter could be modified to develop countermeasures for the concern. But, for now, this is out of scope. So I disagree with the comment that the argument is weak. Also, your use of the term "threat" in the last sentence above is not consistent with the way the term is defined and used in Section 3; you seem to have switched "threat" and "attack" as well as section numbers. Steve
- [secdir] Secdir review of draft-ietf-sidr-bgpsec-… Joseph Salowey (jsalowey)
- Re: [secdir] Secdir review of draft-ietf-sidr-bgp… Stephen Kent
- Re: [secdir] Secdir review of draft-ietf-sidr-bgp… Joseph Salowey (jsalowey)