Re: [secdir] SecDir review of draft-ietf-pce-gmpls-aps-req-08
"Ogaki, Kenichi" <ke-oogaki@kddi.com> Mon, 24 June 2013 00:34 UTC
From: "Ogaki, Kenichi" <ke-oogaki@kddi.com>
To: adrian@olddog.co.uk, 'Yaron Sheffer' <yaronf.ietf@gmail.com>
Date: Mon, 24 Jun 2013 09:23:58 +0900
Cc: draft-ietf-pce-gmpls-aps-req.all@tools.ietf.org, 'The IESG' <iesg@ietf.org>, 'IETF Security Directorate' <secdir@ietf.org>

Dear Yaron and Adrian,

Thank you for your comments.

To address your comments, we propose the texts for Sec. 4. Security Considerations as follows:

PCEP extensions to support GMPLS should be considered under the same security as current PCE work and this extension will not change the underlying security issues. Sec. 10 of [RFC5440] describes the list of security considerations in PCEP. At the time [RFC5440] was published, TCP Authentication Option (TCP-AO) had not been fully specified for securing the TCP connections that underlie PCEP sessions. TCP-AO [RFC5925] has now been published and PCEP implementations should fully support TCP-AO according to [RFC6952].

Thanks,
Kenichi

--
Kenichi Ogaki
KDDI | IP Transport Network Development Dept.
+81-(0)80-5945-9138 | www.kddi.com

> -----Original Message-----
> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> Sent: Monday, June 17, 2013 5:14 AM
> To: 'Yaron Sheffer'
> Cc: 'IETF Security Directorate'; 'The IESG';
> draft-ietf-pce-gmpls-aps-req.all@tools.ietf.org
> Subject: RE: SecDir review of draft-ietf-pce-gmpls-aps-req-08
>
> Hi,
>
> Thanks Yaron.
>
> You're right about pointing to 5440. That document notes that TCP-AO should
> be used once it becomes available, and since it has done, a pointer to RFC
> 6952 would also be helpful.
>
> Cheers,
> Adrian
>
> > -----Original Message-----
> > From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
> > Of Yaron Sheffer
> > Sent: 16 June 2013 21:11
> > To: IETF Security Directorate; The IESG;
> > draft-ietf-pce-gmpls-aps-req.all@tools.ietf.org
> > Subject: SecDir review of draft-ietf-pce-gmpls-aps-req-08
> >
> > I have reviewed this document as part of the security directorate's
> > ongoing effort to review all IETF documents being processed by the IESG.
> > These comments were written primarily for the benefit of the security
> > area directors. Document editors and WG chairs should treat these
> > comments just like any other last call comments.
> >
> > This document defines additional GMPLS-specific requirements on the
> > PCE architecture.
> >
> > It would be an understatement to characterize this reviewer as a
> > non-expert on PCE and GMPLS. That being said, I believe the Security
> > Considerations are correct in saying that this document does not add
> > any additional security issues on top of PCE.
> >
> > I would recommend to add a pointer to where such considerations are in
> > fact listed, e.g. Sec. 10 of RFC 5440. Though security folks will
> > cringe at TCP-MD5 being described as the most practical security
> > solution in that section.
> >
> > Thanks,
> > Yaron