[secdir] secdir review of draft-ietf-conex-mobile-05

"Xialiang (Frank)" <frank.xialiang@huawei.com> Fri, 11 September 2015 00:49 UTC

To: secdir <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-conex-mobile.all@ietf.org" <draft-ietf-conex-mobile.all@ietf.org>
Date: Fri, 11 Sep 2015 00:49:24 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AE63401@SZXEMA502-MBS.china.huawei.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/F9EsCWkOrfZnMnIPZtl7USyqP9o>

Hi,
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comment.

This memo describes a mobile communications use case for congestion exposure (ConEx) with a particular focus on those mobile communication networks that are architecturally similar to the 3GPP Evolved Packet System (EPS).

I have the following comments:

1. It would be helpful to consider the communication security between the ConEx senders and receivers, such as confidentiality, data integrity and peer entity authentication, in the Security Considerations section, because in general the corresponding risks may still exist.

2. The authentication mechanism among all the elements of the ConEx solution should also be considered, to handle the case of faked messages or invalid peer elements.

Recommendation:  Ready With Issues

B.R.
Frank