[secdir] secdir review of draft-ietf-pce-pcep-exp-codepoints-04

Taylor Yu <tlyu@mit.edu> Thu, 11 January 2018 03:49 UTC

From: Taylor Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-pce-pcep-exp-codepoints.all@ietf.org
Date: Thu, 11 Jan 2018 03:49:44 +0000
Message-ID: <ldv373d5a1z.fsf@ubuntu-1gb-nyc1-01.localdomain>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/FSUXrsOj4mhuu6GY-v7fscBMAVQ>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: ready

The security considerations section seems reasonable.  The warning about
receiving conflicting experimental codepoints from another system seems
a little out of place if this were a protocol exposed to the Internet at
large.  (An implementation should in general handle all unexpected
inputs, accidental or malicious, in a way to avoid harmful
consequences.)  On the other hand, like many routing-related protocols,
PCEP doesn't seem to have very strong integrity or authentication
properties and instead relies on filtering, physical measures, or lower
layers such as TCP-AO.

Best regards,
-Taylor