[secdir] Secdir telechat review of draft-ietf-opsawg-service-assurance-architecture-12
Christian Huitema via Datatracker <noreply@ietf.org> Tue, 20 December 2022 19:01 UTC
From: Christian Huitema via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-opsawg-service-assurance-architecture.all@ietf.org, last-call@ietf.org, opsawg@ietf.org
Reply-To: Christian Huitema <huitema@huitema.net>
Date: Tue, 20 Dec 2022 11:01:59 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4YX2Fcv_U8Y-HPjK8R17pvofJkA>

Reviewer: Christian Huitema
Review result: Ready

My review of version 11 of this draft was making a number of suggestions. These suggestions have largely been addressed in version 12 of the draft:

* The risks caused by compromised agents are addressed by setting permissions according to [I-D.ietf-opsawg-service-assurance-yang].

* The security section now includes a more precise description of the permissions that should be granted to SAIN agents.

* The authors added a recommendation that service administrators only obtain the information needed for building the assurance graph and no more, which somewhat mitigates the risk of attackers using configuration data.

* The authors added a suggestion to compare reporting by multiple agents and detect potential anomalies such as a compromised agent misbehaving, and reasonably flag that as a point for further study.

* The risks caused by loss of access to NTP service are documented.

In addition to flagging the NTP risk, the authors could have suggested mitigation for temporary loss of access to the NTP service. There might be ways such as indicating the state of the clocks in the agents' report, or estimating potential clock drift based on quality of local clocks and delay since the last NTP synchronization. However, this is speculative and it would be sufficient to flag it for further study.