[secdir] Secdir review of draft-ietf-mpls-psc-updates-05

Vincent Roca <vincent.roca@inria.fr> Mon, 12 May 2014 17:06 UTC

To: IESG <iesg@ietf.org>, draft-ietf-mpls-psc-updates@tools.ietf.org, secdir@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/3tdmM6UuCCrrtXrV5UHQ_zzl1ZY


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

IMHO, the document is Almost ready.

The author claims this document "raise[s] no new security concerns".
I think the author is right, however I have two comments:

- it's preferable to mention explicitly that RFC 6378 provides the baseline
  security discussion and that it also applies to the present document.

- Making sure an implementation behaves correctly in front of malformed
  messages is typically something that should be mentioned/discussed in the
  Security Section. This is the case in section 2.3 "Error handling".
  Can an attacker through malformed/unexpected messages (e.g., with fuzzing)
  launch a DoS?
  I don't suggest moving section 2.3 into the Security Discussion section, but
  rather to add a sentence in the Security Section explaining that this document
  in section 2.3 also clarifies how to react in front of malformed/unexpected
  messages (which is essential from a security point of view).