Re: [secdir] secdir review of draft-ietf-ospf-dynamic-hostname

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Fri, 03 July 2009 02:26 UTC

Message-ID: <D5403E17-8C3F-4EE0-9F2E-8D634A2A51E1@cisco.com>
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: secdir-secretary@mit.edu
In-Reply-To: <alpine.BSF.2.00.0907020059380.38071@fledge.watson.org>
Date: Thu, 02 Jul 2009 22:26:17 -0400
Cc: ospf-chairs@tools.ietf.org, draft-ietf-ospf-dynamic-hostname@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-ospf-dynamic-hostname

Many thanks for your review, Sam.

--
Thumb typed by Carlos Pignataro.

On Jul 2, 2009, at 1:14 AM, "Samuel Weiler" <weiler+secdir@watson.org> wrote:

> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> The dynamic hostname TLV is an optional in-band mechanism to provide human-friendly symbolic names that map to router IDs.
>
> The security considerations section 1) encourages the use of OSPF authentication and 2) calls out the grand fun possible if a misconfigured or compromised router sends bad mappings. While that's probably less fun than could be had from just sending bad routing data, it adds an extra level of complexity to the debugging when these new symbolic names, as shown in config and debugging tools, don't match the expected router IDs. But I'm not sure anything more really needs to be said here.
>
> Resource exhaustion, as raised by Robert Sparks, looks to be a possibility, but I could go either way on whether it's worth adding words about it specifically -- do we need to call out the potential for resource exhaustion for every field in every protocol?
>
> I'd let the doc go as-is.
>
> -- Sam
>
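As an added example (not part of this thread or of the draft itself), a defender-side monitor in Python that parses the Dynamic Hostname TLV out of Router Information LSA bodies and flags the two things the review raises: name-to-router-ID mappings that conflict or change, as a misconfigured or compromised router would produce, and over-long or malformed values that would only add to debugging confusion and resource use. It assumes the RFC 4970/5642 TLV layout (2-octet type, value 7 for the hostname, 2-octet length, value padded to 4 octets) and a 255-octet hostname limit; the router IDs, hostnames and LSA bytes are constructed.

```python
import struct

HOSTNAME_TLV = 7    # Dynamic Hostname TLV type assigned by RFC 5642
MAX_HOSTNAME = 255  # hostname octet limit enforced by this monitor (assumed policy)

def build_hostname_tlv(name):
    # Constructed sample input: one RI-LSA TLV (type, length, value padded to 4 octets)
    return struct.pack("!HH", HOSTNAME_TLV, len(name)) + name + b"\x00" * ((-len(name)) % 4)

def parse_tlvs(payload):
    """Walk a TLV list; refuse truncated entries instead of reading past the buffer."""
    tlvs, off = [], 0
    while off + 4 <= len(payload):
        tlv_type, length = struct.unpack_from("!HH", payload, off)
        value = payload[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("truncated TLV at offset %d" % off)
        tlvs.append((tlv_type, value))
        off += 4 + (length + 3) // 4 * 4
    return tlvs

def extract_hostname(payload):
    """Return the advertised hostname, or None if absent, over-long, non-ASCII or non-printable."""
    for tlv_type, value in parse_tlvs(payload):
        if tlv_type == HOSTNAME_TLV:
            if not 1 <= len(value) <= MAX_HOSTNAME:
                return None
            try:
                name = value.decode("ascii")
            except UnicodeDecodeError:
                return None
            return name if name.isprintable() else None
    return None

class HostnameMonitor:
    """Tracks router-ID -> hostname mappings and reports the inconsistencies the review describes."""
    def __init__(self):
        self.by_router, self.by_name = {}, {}

    def observe(self, router_id, payload):
        """Feed one RI LSA body seen from router_id; returns alert strings (empty if consistent)."""
        name = extract_hostname(payload)
        if name is None:
            return ["%s: missing or malformed hostname TLV" % router_id]
        alerts = []
        prev = self.by_router.get(router_id)
        if prev is not None and prev != name:
            alerts.append("%s: hostname changed %r -> %r" % (router_id, prev, name))
            self.by_name.pop(prev, None)   # old name no longer belongs to this router
        owner = self.by_name.get(name)
        if owner is not None and owner != router_id:
            alerts.append("%r already claimed by %s, now also advertised by %s" % (name, owner, router_id))
        self.by_router[router_id] = name
        self.by_name.setdefault(name, router_id)   # first claimant keeps the name
        return alerts
```

Alerts are returned rather than printed so the monitor can be wired into whatever logging the operator already uses; a hostname changing on a stable router ID, or two router IDs sharing one name, is exactly the mismatch the review says complicates debugging.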