Re: [secdir] Security review of draft-ietf-rmcat-wireless-tests-08
Mirja Kuehlewind <ietf@kuehlewind.net> Fri, 21 February 2020 09:59 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 344ED1200C5; Fri, 21 Feb 2020 01:59:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dhde4hOfbpnd; Fri, 21 Feb 2020 01:59:49 -0800 (PST)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32A2F1200B6; Fri, 21 Feb 2020 01:59:49 -0800 (PST)
Received: from 200116b824c4be0061570d07dc536186.dip.versatel-1u1.de ([2001:16b8:24c4:be00:6157:d07:dc53:6186]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1j555t-0007Re-00; Fri, 21 Feb 2020 10:59:37 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <202001210619.00L6JdAc025427@rumpleteazer.rhmr.com>
Date: Fri, 21 Feb 2020 10:59:36 +0100
Cc: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-rmcat-wireless-tests.all@tools.ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <49CC1810-636F-4655-BD4C-FD2FE727F3EE@kuehlewind.net>
References: <202001210619.00L6JdAc025427@rumpleteazer.rhmr.com>
To: Hilarie Orman <hilarie@purplestreak.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1582279189;be6a9218;
X-HE-SMSGID: 1j555t-0007Re-00
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/FeaxPEXXOJxY2oPhb3UZ-XNy0fg>
Subject: Re: [secdir] Security review of draft-ietf-rmcat-wireless-tests-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2020 09:59:51 -0000
Hi Hilarie, Thanks for this review. Please see below. > On 21. Jan 2020, at 07:19, Hilarie Orman <hilarie@purplestreak.com> wrote: > > Security review of Evaluation Test Cases for Interactive > Real-Time Media over Wireless Networks > draft-ietf-rmcat-wireless-tests-08 > > Do not be alarmed. I generated this review of this document as part > of the security directorate's ongoing effort to review all IETF > documents being processed by the IESG. These comments were written > with the intent of improving security requirements and considerations > in IETF drafts. Comments not addressed in last call may be included > in AD reviews during the IESG review. Document editors and WG chairs > should treat these comments just like any other last call comments. > > The focus of this document is the definition of test cases that can be > used evaluate congestion control algorithms for cellular and Wi-Fi > networks. If the testing is done on isolated testbed networks, there > are are few, if any, security considerations. > > The Security Considerations section mentions safeguards to avoid > "congestion collapse of the Internet" and "leaking non-responsive > traffic from unproven congestion avoidance techniques onto the open > Internet". The former seems overly general (shouldn't all IETF > protocols strive to avoid breaking the Internet?), and I am not at all > sure what the latter means. This document belongs to a set of two documents where the other one is draft-ietf-rmcat-eval-test. Both documents have the same text in the security considerations section and for draft-ietf-rmcat-eval-test we created this text based on the SECDIR review feedback. You are right that this text is rather general but the main purpose was to provide people the right pointers. And yes all protocol should not break the Internet; this is one thing we usually look for in TSV reviews, however, in this case it’s a bit a chicken and egg problem because the whole testing in this doc is about figuring out if the proposed congestion control is safe enough to test on the Internet or not. > > I would recommend that test setups use passwords and keys that are > specific to the test environment, but that is a generic recommendation > for all test environments. It is probably not needed in this > document. I think that is really a point that is out of scope for this document. However, passwords and keys still don’t help if your test setup is wrongly configured and traffic can “escape”. We usually assume that test setups are used that are not connected to the internet at all, or only to ssh into the machines but all other traffic is by default blocked. That’s what’s meant with “avoid leaking”. Mirja > > Hilarie > >
- [secdir] Security review of draft-ietf-rmcat-wire… Hilarie Orman
- Re: [secdir] Security review of draft-ietf-rmcat-… Mirja Kuehlewind