[secdir] Review of draft-ietf-ippm-twamp-reflect-octets-07

Shawn Emery <shawn.emery@oracle.com> Sun, 08 August 2010 06:01 UTC

Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2B783A67F4; Sat, 7 Aug 2010 23:01:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.618
X-Spam-Level:
X-Spam-Status: No, score=-6.618 tagged_above=-999 required=5 tests=[AWL=-0.019, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eyS0zkeiH75R; Sat, 7 Aug 2010 23:01:17 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 278493A66B4; Sat, 7 Aug 2010 23:01:15 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id o7861k1D008330 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 8 Aug 2010 06:01:47 GMT
Received: from acsmt355.oracle.com (acsmt355.oracle.com [141.146.40.155]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o782aEjL023308; Sun, 8 Aug 2010 06:01:46 GMT
Received: from abhmt010.oracle.com by acsmt354.oracle.com with ESMTP id 476386761281247257; Sat, 07 Aug 2010 23:00:57 -0700
Received: from [10.7.250.156] (/10.7.250.156) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sat, 07 Aug 2010 23:00:57 -0700
Message-ID: <4C5E4818.5040308@oracle.com>
Date: Sun, 08 Aug 2010 00:00:56 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.2.4) Gecko/20100610 Lightning/1.0b2 Thunderbird/3.1
MIME-Version: 1.0
To: secdir@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-ippm-twamp-reflect-octets.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] Review of draft-ietf-ippm-twamp-reflect-octets-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Aug 2010 06:01:19 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

This draft describes two optional features of the Two-Way Active 
Measurement Protocol (TWAMP):

a. The ability of a controller host to tag packets to allow simplified 
identification.
b. A sender packet format that allows test packets of equal size to be 
sent each way.

The security considerations section does exist and I've followed the 
references to the One-way Active Measurement Protocol (OWAMP) security 
considerations section, which TWAMP extends. OWAMP has a nice write-up 
of the various attacks and how to mitigate such attacks. I don't believe 
the new TWAMP features discussed in this draft introduces any new 
vectors beyond what OWAMP/TWAMP already has.

General comments:

None.

Editorial comments:

Closing parentheses missing:
(by the Server or
Session-Reflector

Shawn.
--