[secdir] secdir review of draft-ietf-ippm-model-based-metrics-10
David Mandelberg <david@mandelberg.org> Sun, 12 March 2017 21:14 UTC
To: iesg@ietf.org, secdir@ietf.org,
draft-ietf-ippm-model-based-metrics.all@ietf.org
From: David Mandelberg <david@mandelberg.org>
Message-ID: <5e4d6947-30ed-60c6-d9ab-b2af4485f82c@mandelberg.org>
Date: Sun, 12 Mar 2017 17:14:15 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/AXx23P_QT2NCsMI6wcjJwEkgzTc>

Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This experimental draft "provides a framework for designing suites of IP diagnostic tests" to measure a network path's bulk transport capacity. As mentioned in the security considerations, actual attempts at measurement might be subject to manipulation by an attacker. As I understand it, the framework in this document neither attempts to prevent such attacks, nor makes them any more likely.

The only other relevant potential security issue I could think of is whether measurement system(s) using this framework could be co-opted by an attacker to cause a denial of service to a specific network path. I think this would depend entirely on the implementation of a system designed using the framework in this document, and is therefore pretty far removed from this document itself. An attack like this also might not be possible because of some part of the framework that I missed. So I'll trust the authors' and/or working group's judgment on what to do with this comment.

I think this draft is somewhere between (inclusive) Ready and Ready With Issues, depending on how far off-base my point about denial of service is. I'm leaning towards Ready.

--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/