[secdir] secdir review of draft-ietf-mpls-lsp-ping-relay-reply

Sean Turner <turners@ieca.com> Sat, 13 December 2014 19:29 UTC

Return-Path: <turners@ieca.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 6FC261A1B36 for <secdir@ietfa.amsl.com>; Sat, 13 Dec 2014 11:29:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id rTFpvfdLcJ3V for <secdir@ietfa.amsl.com>; Sat, 13 Dec 2014 11:29:21 -0800 (PST)
Received: from gateway01.websitewelcome.com (gateway01.websitewelcome.com []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 894461A1AF6 for <secdir@ietf.org>; Sat, 13 Dec 2014 11:29:21 -0800 (PST)
Received: by gateway01.websitewelcome.com (Postfix, from userid 5007) id EB4C7767DAE38; Sat, 13 Dec 2014 13:29:20 -0600 (CST)
Received: from gator3286.hostgator.com (gator3286.hostgator.com []) by gateway01.websitewelcome.com (Postfix) with ESMTP id D9BD9767DAE18 for <secdir@ietf.org>; Sat, 13 Dec 2014 13:29:20 -0600 (CST)
Received: from [] (port=63359 helo=[]) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1XzsNT-0000rk-Tq; Sat, 13 Dec 2014 13:29:20 -0600
From: Sean Turner <turners@ieca.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Message-Id: <B04C70D5-6C5C-4962-8867-32F68AF74D47@ieca.com>
Date: Sat, 13 Dec 2014 14:29:18 -0500
To: draft-ietf-mpls-lsp-ping-relay-reply@tools.ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>, ietf@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Exim-ID: 1XzsNT-0000rk-Tq
X-Source-Sender: ([]) []:63359
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 3
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Cy13MkPMP8dRcC8xkOHW-oAWpjM
Subject: [secdir] secdir review of draft-ietf-mpls-lsp-ping-relay-reply
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2014 19:29:24 -0000

Do not be alarmed.  I have reviewed this document as part of the
security directorate’s ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written with the intent
of improving security requirements and considerations in IETF drafts.
Comments not addressed in last call may be included in AD reviews
during the IESG review.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Version: 06
Summary: Ready with some non-security/non-privacy nits.

Ping mechanisms always give me the heebie-jeebies [1]
because of the security concerns associated with them (i.e., DoS, 
spoofing/hijacking/etc., and unauthorized disclosure).  This document
specifies an extension to the existing ECHO mechanism in RFC 4379
and it does nothing to address these concerns in fact it increases the
concerns wrt DoS. *BUT* it rightly points this increase exposure out in
the security considerations section.  It provides remediation techniques
similar to those specified in RFC 4379: rate limit and validate source
against access list.  This draft, unlike RFC 4379, does recommend that
operators wishing to not disclose their nodes blank the address out in
the TLV.  This draft also refers to RFC 4379 for additional security

WARNING - questions and nits follow:

s3 - 1st paragraph: Relayed Echo Reply “replaces” Echo Reply - does this
mean you’re deprecating the use of “Echo Reply”?

s4.1: Is the outermost label allowed to be set to 255 to support the
“ping” mode or must it always be set to 1, 2, etc. to support “traceroute"
mode - as described in RFC 4379 s4.3?   I know s5 is just an example
but it really looks like this extension is just supposed to be for fault

s4.1 - last paragraph: Does the next initiator put it’s address in the stack
before or after the previous initiator?  I assume it’s after, but I maybe
missed that part?  Would be good to state that explicitly.


[1] http://en.wikipedia.org/wiki/Heebie-jeebies_(idiom)