Re: [secdir] Secdir review of draft-ietf-mpls-tp-nm-req-05.txt
Eric Gray <eric.gray@ericsson.com> Wed, 07 October 2009 11:08 UTC
Return-Path: <eric.gray@ericsson.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A7B2028C15C; Wed, 7 Oct 2009 04:08:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.372
X-Spam-Level:
X-Spam-Status: No, score=-5.372 tagged_above=-999 required=5 tests=[AWL=1.227, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8i4yoyOitLpf; Wed, 7 Oct 2009 04:08:03 -0700 (PDT)
Received: from imr2.ericy.com (imr2.ericy.com [198.24.6.3]) by core3.amsl.com (Postfix) with ESMTP id 9181E28C15B; Wed, 7 Oct 2009 04:08:03 -0700 (PDT)
Received: from eusrcmw750.eamcs.ericsson.se (eusrcmw750.exu.ericsson.se [138.85.77.50]) by imr2.ericy.com (8.13.1/8.13.1) with ESMTP id n97B9SvT021821; Wed, 7 Oct 2009 06:09:31 -0500
Received: from eusrcmw751.eamcs.ericsson.se ([138.85.77.51]) by eusrcmw750.eamcs.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959); Wed, 7 Oct 2009 06:09:30 -0500
Received: from eusaamw0706.eamcs.ericsson.se ([147.117.20.31]) by eusrcmw751.eamcs.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959); Wed, 7 Oct 2009 06:09:30 -0500
Received: from EUSAACMS0701.eamcs.ericsson.se ([169.254.1.112]) by eusaamw0706.eamcs.ericsson.se ([147.117.20.31]) with mapi; Wed, 7 Oct 2009 07:09:30 -0400
From: Eric Gray <eric.gray@ericsson.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 07 Oct 2009 07:09:27 -0400
Thread-Topic: Secdir review of draft-ietf-mpls-tp-nm-req-05.txt
Thread-Index: AcpF/8sLTZXa7qQ6QXWrlXJ1vfqMGwBPEM8g
Message-ID: <C0AC8FAB6849AB4FADACCC70A949E2F193A244B1@EUSAACMS0701.eamcs.ericsson.se>
References: <4ACA5FC1.1050704@gondrom.org>
In-Reply-To: <4ACA5FC1.1050704@gondrom.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 07 Oct 2009 11:09:30.0560 (UTC) FILETIME=[A46C8400:01CA473E]
Cc: "swallow@cisco.com" <swallow@cisco.com>, "tim.polk@nist.gov" <tim.polk@nist.gov>, "Pasi.Eronen@nokia.com" <Pasi.Eronen@nokia.com>, Scott Mansfield <scott.mansfield@ericsson.com>, "adrian.farrel@huawei.com" <adrian.farrel@huawei.com>, "hklam@Alcatel-Lucent.com" <hklam@Alcatel-Lucent.com>, "loa@pi.nu" <loa@pi.nu>
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-tp-nm-req-05.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2009 11:08:04 -0000
Tobias, Thanks for your review and comments. The decision to publish this document as a standards track RFC was based on the previous restriction that ITU-T cannot refer to an Informational RFC. This restriction has only just been relaxed to allow references to an RFC that results from the IETF consensus process, so it may no longer be necessary to publish this draft as a standards track RFC. That decision is out of my hands. Some definitions included are verbatim extractions from ITU-T publications, taken to avoid the need for a normative reference to those publications. As such, they are not actually subject to change and - if you disagree with them - I would suggest taking it up with applicable Questions in Study Group 15 at ITU-T. We tried to clarify the use of RFC 2119 language in this document and were somewhat limited in our ability to do so by the requirements enforced by "idnits" that the text must appear verbatim in the draft. The intent in - for example - making a statement that the NE MUST perform persistency checks is to ensure protocol and management specifications ensure that doing so is possible based on configuration. The case where persitistency checking is effectively disabled by configuration could be considered the degenerate case where required persistency is zero. The intention with alarm suppression is that some alarms are not desired in some configurations or under some conditions. Escalation procedures MAY, in certain situations, result in escalating an alarm condition to one that is not suppressed. Hence - to directly answer your question - suppression is permanent for those specific alarms for which it is configured, and as long as it is not configured otherwise. The instance of "the" that you pointed out should be changed to "that" as you suggest. Again, thanks for the review! -- Eric -----Original Message----- From: Tobias Gondrom [mailto:tobias.gondrom@gondrom.org] Sent: Monday, October 05, 2009 5:06 PM To: iesg@ietf.org; secdir@ietf.org Cc: tim.polk@nist.gov; Pasi.Eronen@nokia.com; Eric Gray; Scott Mansfield; hklam@Alcatel-Lucent.com; swallow@cisco.com; loa@pi.nu; adrian.farrel@huawei.com Subject: Secdir review of draft-ietf-mpls-tp-nm-req-05.txt I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. 0. From the security perspective, the requirements in this document appear to be sufficient, though not very detailed. As it's a requirments doc, this is ok. Obviously, I assume following specifications will be more detailed in how the described security requirments are satisfied. 1. DISCUSS: Question: as the document describes requirements and is in wide areas unprecise in how they shall be implemented I wonder why it aims to be "Standards Track" and not "Informational"? 2. COMMENT: Question: section Terminology: "Fault: A fault is the inability of a function to perform a required action. This does not include an inability due to preventive maintenance, lack of external resources, or planned actions (from [21], 3.26)." Why does a lack of external resources not constitute a fault? (the other two reasons I can understand but this one not? 3. COMMENT: section 5.2: "The MPLS-TP NE MUST perform persistency checks on fault causes before it declares a fault cause a failure." I am not sure whether a "SHOULD" would be more appropriate here: First, depending on the type of fault a NE my consider a failure after the first fault cause and Second, two paragraphs below, you speak of configurable time "A data-plane forwarding path failure MUST be declared if the fault cause persists continuously for a configurable time (Time-D). The failure MUST be cleared if the fault cause is absent continuously for a configurable time (Time-C)." if it is configurable, it may also be configured to infinite small, which kind of contradicts with the "MUST" for persistency check? 4. COMMENT: Section 5.3.2: Question: should this "An MPLS-TP NE MUST support suppression of alarms based on configuration." be changed to "An MPLS-TP NE MUST support suppression of alarms based on configuration and for a limited time." Or do you may not want to allow infinite and unlimited suppression of alarms? 6. s/An MPLS-TP NE MUST support secure management protocols and SHOULD do so in a manner the reduce potential impact of a DoS attack./An MPLS-TP NE MUST support secure management protocols and SHOULD do so in a manner that reduces potential impact of a DoS attack. Kind regards, Tobias Tobias Gondrom email: tobias.gondrom@gondrom.org
- [secdir] Secdir review of draft-ietf-mpls-tp-nm-r… Tobias Gondrom
- Re: [secdir] Secdir review of draft-ietf-mpls-tp-… Eric Gray
- Re: [secdir] Secdir review of draft-ietf-mpls-tp-… Loa Andersson