Re: [secdir] SECDIR review of draft-ietf-mpls-tp-oam-requirements-03
Phillip Hallam-Baker <hallam@gmail.com> Sat, 21 November 2009 16:24 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 592D83A69E6 for <secdir@core3.amsl.com>; Sat, 21 Nov 2009 08:24:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pIZK2dbswKEn for <secdir@core3.amsl.com>; Sat, 21 Nov 2009 08:24:37 -0800 (PST)
Received: from mail-yx0-f192.google.com (mail-yx0-f192.google.com [209.85.210.192]) by core3.amsl.com (Postfix) with ESMTP id 2E5BA3A69E4 for <secdir@ietf.org>; Sat, 21 Nov 2009 08:24:37 -0800 (PST)
Received: by yxe30 with SMTP id 30so4578861yxe.29 for <secdir@ietf.org>; Sat, 21 Nov 2009 08:24:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=RZdapHHnpdM72p0xl86AIh/lv6oU/hImMj3k2iQmfCU=; b=AE+sckYc9xEohlG4LCy/3qJ9iaPZECNxSnpceT20AJOlOc91lizRvCBWwQbAdhovRJ e2j/iMWKU1It2/T0qnNiSvlGyMeUTOk5gRoK+sl7UhixLDljK7dJQBeBDgz6vtbP6itv SaAhSuMWe+UurFi9T+ldOEU+kilRgcJ/XNwig=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=B3CSVSsXdZDu1okwIWoJW8oiObbA5dOjQrIeXsfV3ZrTIGONHTOmwgS2axPJzOrAuY eXSp85T5emZoXLHxvZ9Hqo+Wr8SW49qJ6e9m7fwVIrT9Jdlg/5B75HA4TyrFxWQXhTIQ lkLHqCCx6DNvySbtV9okvDy1du3LRkkzKnfZk=
MIME-Version: 1.0
Received: by 10.90.16.38 with SMTP id 38mr4085910agp.112.1258820670590; Sat, 21 Nov 2009 08:24:30 -0800 (PST)
In-Reply-To: <4B03E456.7040900@alcatel-lucent.com>
References: <a123a5d60910061942h8f0504cjf7e1c3525c364d4d@mail.gmail.com> <4B03E456.7040900@alcatel-lucent.com>
Date: Sat, 21 Nov 2009 11:24:30 -0500
Message-ID: <a123a5d60911210824y263f7bf6l90bc7c28cc1202c6@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Martin Vigoureux <martin.vigoureux@alcatel-lucent.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dward@cisco.com, malcolm.betts@huawei.com, secdir@ietf.org
Subject: Re: [secdir] SECDIR review of draft-ietf-mpls-tp-oam-requirements-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Nov 2009 16:24:38 -0000
Yes, that works for me. On Wed, Nov 18, 2009 at 7:11 AM, Martin Vigoureux <martin.vigoureux@alcatel-lucent.com> wrote: > Dear Phillip, > > thanks for your review. > Would the following rephrasing (of the Security Considerations) > satisfy your expectations? > For your information, Tim Polk had a similar type of comment > as part of IESG Review and is ok with the text proposed below. > Thanks > > martin > > > OLD > In general, mechanisms SHOULD be provided to ensure that OAM > functions cannot be accessed unauthorized. > > Further, OAM messages MAY be authenticated to prove their origin and > to make sure that they are destined for the receiving node. > > An OAM packet received over a PW, LSP or Section MUST NOT be > forwarded beyond the End Point of that PW, LSP or Section, so as to > avoid that the OAM packet leaves the current administrative domain. > NEW > OAM systems (network management stations) SHOULD be designed such > that OAM functions cannot be accessed without authorization. > > OAM protocol solutions MUST include the facility for OAM messages to > authenticated to prove their origin and to make sure that they are > destined for the receiving node. The use of such facilities MUST be > configurable. > > An OAM packet received over a PW, LSP or Section MUST NOT be > forwarded beyond the End Point of that PW, LSP or Section, so as to > avoid that the OAM packet leaves the current administrative domain. > > > Phillip Hallam-Baker a écrit : >> >> I am reviewing this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the >> IESG. These comments were written primarily for the benefit of the >> security area directors. Document editors and WG chairs should treat >> these comments just like any other last call comments. Feel free to >> forward to any appropriate forum. >> >> >> This documents sets out requirements for Operations, Administration >> and Maintenance of MPLS Transport Profile. >> >> It is a high level architectural requirements document, intentionally >> separated from the details of specific implementations. As such it is >> appropriate for the security considerations section to be at a high >> level. >> >> It is however a mystery to this reader why encryption is specified as >> a should but integrity protections only merit a MAY. I would be much >> more reassured by a document that ignores confidentiality issues >> completely (as has been the general policy for low level routing &ct.) >> and points out the fact that this is yet another opportunity for a >> malicious party to play merry heck by introducing bogus data that >> other parts of the network will then operate on. >> >> For example, introduction of bogus messages would allow an attacker to >> reserve excessive bandwidth in the name of another party, possibly >> performing a DoS attack or possibly to perform a financial fraud, >> causing some party to incur costs for bandwidth not required. >> >> In comparison the confidentiality issues are rather minor, and in any >> event almost certainly subsumed by the fact that anyone who can >> observe the content of the OAM packets can almost certainly observe >> the volumes of the data flows and infer that information. While >> confidentiality is a nice to have, it is not worth much without >> integrity. >> >> I suggest that the security considerations section makes the ability >> to support integrity protections a MUST or SHOULD requirement. If only >> a SHOULD is applied, confidentiality would be better demoted to MAY. >> > -- -- New Website: http://hallambaker.com/ View Quantum of Stupid podcasts, Tuesday and Thursday each week, http://quantumofstupid.com/
- [secdir] SECDIR review of draft-ietf-mpls-tp-oam-… Phillip Hallam-Baker
- Re: [secdir] SECDIR review of draft-ietf-mpls-tp-… Martin Vigoureux
- Re: [secdir] SECDIR review of draft-ietf-mpls-tp-… Phillip Hallam-Baker