[secdir] Secdir last call review of draft-ietf-pals-status-reduction-04

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 30 March 2017 14:53 UTC

From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: <secdir@ietf.org>
Cc: draft-ietf-pals-status-reduction.all@ietf.org, ietf@ietf.org, pals@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/63ZRsZnPVkhEEWxKo2Pzk4UN-xw>

Reviewer: Yaron Sheffer
Review result: Ready

This document proposes a way to aggregate status messages of multiple
pseudowires carried on the same MPLS-network LSP.

The Security Considerations simply refer to an earlier RFC, and this
makes sense in this case.

However, from a broader perspective, I think the community should
consider another look at its security assumptions. After what we've
seen in recent years, maybe it's not a good idea to refer back to a
2006 document that contains this sentence: "To prevent unwanted packet
insertion, it is also important to prevent unauthorized physical
access to the PSN." We have all learned the hard way that this advice
is not practical - bad actors WILL get physical access to your
network.