[secdir] Security directorate review of draft-ietf-pim-explicit-tracking [Was: Re: Security directorate reveiw of draft-asaeda-mboned-explicit-tracking

Magnus Nyström <magnusn@gmail.com> Fri, 08 November 2013 04:16 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C2A3321E8185; Thu, 7 Nov 2013 20:16:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id nobYyAgmSfkN; Thu, 7 Nov 2013 20:16:11 -0800 (PST)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) by ietfa.amsl.com (Postfix) with ESMTP id A94BF21E81B6; Thu, 7 Nov 2013 20:16:05 -0800 (PST)
Received: by mail-wg0-f46.google.com with SMTP id m15so1413635wgh.13 for <multiple recipients>; Thu, 07 Nov 2013 20:16:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=jDZ03fC5k9T95J2YhzdUe19D/eFRiAkACVOP2el3UCY=; b=NtxlzXWSztNNBh7np05KkSVgLpjOxC3PYIIGp3PCDTkoJaB/E9+g4EMNUj38s3PRPz dMWBK/QL3LngfVB4fnx1uf8knj3i1Xv5FbBntvNU+cVS455M5+JrkTYlveOf+qQ/JAN1 e3rejcp0eIsKdYxdcaKQHe7dQFb7GHrI2+5n0vGtuAtV4JOZOwpTR6DtgTTgmGu4EYuZ eiVeqHzDoMHNgGokgIyCMxpmnpgZAig1j5s0to+f0mMty7VB7Upb8D7jdZMsZUG0guY5 h3klrHOkL7FoLBMUeeecAnraz9g/hACTjDzLElahxGVCa3y5Ek5kyTBkweqTs5vZiDOU Y83A==
MIME-Version: 1.0
X-Received: by with SMTP id fp9mr616263wic.33.1383884160941; Thu, 07 Nov 2013 20:16:00 -0800 (PST)
Received: by with HTTP; Thu, 7 Nov 2013 20:16:00 -0800 (PST)
Date: Thu, 7 Nov 2013 20:16:00 -0800
Message-ID: <CADajj4bk2-+_zVOnXW8cZ6_x5_o1dwMvV9Ab7+wYDU6hnnsitg@mail.gmail.com>
From: =?ISO-8859-1?Q?Magnus_Nystr=F6m?= <magnusn@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-pim-explicit-tracking@tools.ietf.org
Content-Type: multipart/alternative; boundary=001a11c3844cd2c5b504eaa2a377
Cc: "iesg@ietf.org" <iesg@ietf.org>
Subject: [secdir] Security directorate review of draft-ietf-pim-explicit-tracking [Was: Re: Security directorate reveiw of draft-asaeda-mboned-explicit-tracking
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2013 04:16:12 -0000

[I did it again ... Sorry about the incorrect Subject: title, I used the
original draft name, the current name is of course

On Thu, Nov 7, 2013 at 8:13 PM, Magnus Nyström <magnusn@gmail.com>; wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
> This document describes a tracking function for multicast routers and
> proxies, intended to reduce latencies and network traffic, among other
> things.
> The document seems well written but the security considerations sections
> makes vague references to "serious threats" that may be introduced by
> malicious hosts on the network yet only states that "abuse" can be
> mitigated by limiting the amount of information a router can store (which
> seems like a given anyway?). It would be good if the document enumerated
> the "serious threats" and their mitigations.
> -- Magnus

-- Magnus