[secdir] SECDIR review of draft-ietf-dime-agent-overload-08

Watson Ladd <watsonbladd@gmail.com> Thu, 19 January 2017 01:21 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6AF41295A6 for <secdir@ietfa.amsl.com>; Wed, 18 Jan 2017 17:21:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XgvFk69h9ohQ for <secdir@ietfa.amsl.com>; Wed, 18 Jan 2017 17:21:04 -0800 (PST)
Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F8601293E9 for <secdir@ietf.org>; Wed, 18 Jan 2017 17:21:04 -0800 (PST)
Received: by mail-yw0-x230.google.com with SMTP id l19so21270363ywc.2 for <secdir@ietf.org>; Wed, 18 Jan 2017 17:21:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=+chUuSTg7A3vekhlDAZjQBlElakGJJCRG5DGQHAFBJk=; b=afSkKqxy6/E2nwe/e/Gnkl8118QsTorR8Aly4jVK/qD9ixEnUNUSos9peJc3bR6BgU a+37I1W+FHfoBimExSLVF1yKH1oJlf7s0ejtyQMOn/VDWXlV8bzBcJzfy9H2G5mKusWc ykd1oBPn8EvdWFTFo11t3oVcSCxZ5shOqP3ACKjyzLp0QWoplz6g1uTlxkxx4XG282SV drWb6J8MP/efx/WO8Fib6zt7M3R0iMHI/ZVnZ0NJtJ4zqp2N3g0OQE6roeNkZZYxc2TS VYvRBIwSW8KsBqV8GIeCoaGpbL/KgjarkGDVnhDMcICf/Que2LrvrYtHRtOA2JSl7Dfz 7+Bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+chUuSTg7A3vekhlDAZjQBlElakGJJCRG5DGQHAFBJk=; b=XgjnCJL0MQgaBgYfibOjBBsBGVirga1pMv2WAYdtvR/vdOm6SRAUX4tV7YGbngubcc 5d1QLfbklTaC5HYXD/yQZDNozsbSzN8Gdas3Sie95ypdx3EEljPX+7MkTmG5PDFnr7Nt tSpimRztmnKCLm7V/5husj/sEC20IrSuGzwlXdHQOjvCHNpWTu+DVx++3tDrTVCpNl3i PRuUZ+eOUzcSdkxex+GhheNEhlnDV63HP883cKEkcEdT1ZO/AWW036qzEv5zEggy4kHQ 0pMz0RKZwosGslb9I5YGe9TGNHAo/ugBEIGVqCs8myWgwwyne0QV6Sr7Y9hJL6a+J37b bTYQ==
X-Gm-Message-State: AIkVDXKIR67CxI2TF0dzlEQQPNuSlHMCTT8uafnQgM1qVbrl8+bv+sohufhrjKk3dT0FYoWhXDCcyGVwvH/rBQ==
X-Received: by 10.13.240.7 with SMTP id z7mr4671344ywe.37.1484788863422; Wed, 18 Jan 2017 17:21:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.235.136 with HTTP; Wed, 18 Jan 2017 17:21:03 -0800 (PST)
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 18 Jan 2017 17:21:03 -0800
Message-ID: <CACsn0cntjB4OXpFm0YF6iotG73zi-2yfOf5pLq_kyx-BJZo15Q@mail.gmail.com>
To: draft-ietf-dime-agent-overload.all@tools.ietf.org, secdir@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/F0844wnzyNFKbYzhDszyrlqXts4>
Subject: [secdir] SECDIR review of draft-ietf-dime-agent-overload-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2017 01:21:06 -0000

I have reviewed this as part of the SECDIR effort to review all
documents. I believe it is ready with nits.

I am concerned that this document doesn't adequately address the
consequences of malicious insertion of overload reports. While I am
not an expert on Diameter (and in particular what kinds of
authentication are used), merely noting that a malicious report can
have negative consequences is not enough. Mechanisms should be defined
to prevent this, such as authenticating all connections and ensuring
that reports only apply to the nodes that send them. The fact that
Diameter connections are authenticated may or may not be enough.

Sincerely,
Watson Ladd