Re: [secdir] Secdir review of draft-ietf-mboned-mtrace-v2-21
Derrell Piper <ddp@electric-loft.org> Tue, 28 November 2017 00:23 UTC
From: Derrell Piper <ddp@electric-loft.org>
Date: Mon, 27 Nov 2017 16:23:51 -0800
To: secdir@ietf.org, ietf@ietf.org, draft-ietf-mboned-mtrace-v2-21.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3e5-Fw-P6qk7c0GKfSuM_3Na1CQ>
Subject: Re: [secdir] Secdir review of draft-ietf-mboned-mtrace-v2-21

[Apologies for the repost, hopefully this one doesn’t wrap. I also didn’t include the “.all” suffix on the previous email.]

Reviewer: Derrell Piper
Review result: ready with nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes a new version of traceroute designed for multicast. In the multicast environment, traceroute functions in reverse with each router on the path back towards the client adding diagnostic information along the way. This information can be used to diagnose a variety of network problems, including packet loss (congestion) and configuration problems (TTL).

The security considerations section discusses a variety of requirements and suggestions for multicast routers and the protocol includes an ADMIN_PROHIB flag which can be used at a border router to prevent multicast traceroute from being able to probe network topology or to perform traffic analysis.

This appears to be a useful diagnostic utility and the obvious security concerns seem to have been addressed.

nits:

page 33, section 9.3 and 9.4

MAY should be capitalized in these two sections.

Derrell