Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 831AB1A03A1 for ; Wed, 9 Jul 2014 07:04:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.03 X-Spam-Level: X-Spam-Status: No, score=-2.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=unavailable Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a8tpWiUd6-dh for ; Wed, 9 Jul 2014 07:04:29 -0700 (PDT) Received: from mail-qa0-x233.google.com (mail-qa0-x233.google.com [IPv6:2607:f8b0:400d:c00::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA42C1A050E for ; Wed, 9 Jul 2014 07:04:28 -0700 (PDT) Received: by mail-qa0-f51.google.com with SMTP id j7so6061883qaq.24 for ; Wed, 09 Jul 2014 07:04:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=zsbnmCneC6P+pwY5+AL5vfpB6+cntXX/P8DawNXaDN4=; b=EYmAtKyFf66LxzFnz7g1lQ1350fy04eq4T5nGI+n9WZFn7c6MM7QyPAPjk+Jy7h8Ir NNm7qHZyZtl3H+Xgc1TpInbBOk/VlF7EuSDZKjxEr1Unp/OHAuTGF+aCZ5x1Vpuf0b3E flecxy1a1p7PYeUH+wpwEvQnJgMxvChvaIHzZ8hmEsB8cM4LMbHJvQxfZ/kFOwEyRfN5 4wDEnfjlVqP3PB8mNTJSe+13WYEfhlLdJQbd1oSgHmMGlAuaU7Kg5yNPDBKj+QxnhqVI erSth+lx3uk3ez6wUAAjK/f4QfaQLOTGKpheJtUuCby61VuKr884IzQfs71bxsLGgJAW jq1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=zsbnmCneC6P+pwY5+AL5vfpB6+cntXX/P8DawNXaDN4=; b=F1f3ZdFVzN2T8N7/f8A6q+CxK3zewnoU5vanHW3mjoLEd00v2aIcjdkrnkepIY/n2Q 5Z582NutU/Js1Uxljzxk/BJ8iJmTukUrct8RuVTciWtVFQcWo22AGTWrprKdpiaNkAs0 /Dt6PiuIdCxKb0a1PYw0e9lQJ0AC7MYuPzKZ0AINWO2GinD3+1Hwof260MlvcRLFKg71 UX5lrTzBWkrMEtgWK5BTCwWbHfJMm1tNBwOHTbhATjEK5ttxJPfyg17QFSVnpak4NwNi yH4jenF/msebp9vORPDoTgF3zrsxHT6KEgbjMpN/vrmkGcmQOiL6IsBOTK3Jv3eW6z26 B9sA== X-Gm-Message-State: ALoCoQk4z62cdjGOkSXlaxLVTWtIrs78IPfmeJgsQt1Ks/Y21zfE+fKneWaDDX9oGYeO56ptQL6m MIME-Version: 1.0 X-Received: by 10.224.134.201 with SMTP id k9mr71000586qat.59.1404914667797; Wed, 09 Jul 2014 07:04:27 -0700 (PDT) Received: by 10.229.100.72 with HTTP; Wed, 9 Jul 2014 07:04:27 -0700 (PDT) In-Reply-To: <068f01cf9b53$7fc60b30$7f522190$@olddog.co.uk> References: <068f01cf9b53$7fc60b30$7f522190$@olddog.co.uk> Date: Wed, 9 Jul 2014 15:04:27 +0100 Message-ID: From: Ben Laurie To: adrian@olddog.co.uk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/2vW6WdYn3VbU5Fll_9GMenFVdRE Cc: The IESG , IETF Discussion List , "secdir@ietf.org" Subject: Re: [secdir] Security review of draft-ietf-pce-questions-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2014 14:04:30 -0000 On 9 July 2014 09:55, Adrian Farrel wrote: > Hi Ben, > > Thanks for taking the time to review this document and for posting your c= omments to the IETF discussion list so that we can consider them as last ca= ll comments. > > [snip] > >> The security considerations section makes this claim: >> >> "This informational document does not define any new protocol elements >> or mechanism. As such, it does not introduce any new security >> issues." >> >> I agree with the premise, but not the conclusion: just because an RFC >> does not introduce new security issues, that does not mean that there >> are no security considerations. >> >> Indeed, this RFC discusses many things that have quite serious >> security considerations, without mentioning any of them. For example, >> section 4 "How Do I Find My PCE?" (the very first question) advocates >> a number of potentially completely insecure mechanisms with no mention >> of their security properties (or otherwise). This is obviously >> pervasive, given the stance taken in the security considerations. >> >> The document does mention that RFC 6952 gives a security analysis for >> PCEP, and perhaps this is sufficient but it seems to me that a >> document intended to give useful background information to noobs >> should include security directly in that information rather than defer >> to another giant document (which mixes PCEP info with other >> protocols). > > I don't believe that this document is strong on "advocacy", but discusses= which tools are out there and what some people do. > > Previous PCE RFCs have given some attention to security concerns in the u= se of PCE (RFC 4655), PCE discovery (RFC 4674, RFC 5088. RFC 5089), and the= PCEP (RFC 4657 and RFC 5440). As such, "PCE Security" was not deemed by th= e authors to be a previously "unanswered question" and so did not need atte= ntion in this document. > > That said, you are correct that the various sections do not discuss the s= ecurity implications relating to those sections. I would be pretty loathe t= o add security text to each section in this document: I think that would ma= ke the document heavy and less likely to be read by its intended consumers = (it is not targeting "noobs" although they are welcome to read it). Your position appears to be that they will then go on to read much heavier documents in order to discover the security properties of the solutions you suggest, which seems a little unlikely, particularly if there's no mention of the necessity to do so. Or perhaps you think security is not important? > Perhaps a solution to this *is* to treat Security as an unanswered questi= on and add a section "How Secure is my PCE-Enabled System?" I can't think o= f a lot to add there except for general egg-sucking guidance, but there wou= ld be a pointer to the TCP-AO discussions currently going on in the WG. Wha= t do you think of that as a way forward? I have no idea what discussions are going on, but once more, if you are concerned about "heaviness" of documentation, pointing at ongoing discussions does not strike me as a route to lightness.