[secdir] Security directorate reveiw of draft-asaeda-mboned-explicit-tracking

Magnus Nyström <magnusn@gmail.com> Fri, 08 November 2013 04:13 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AE8F21E81A7; Thu, 7 Nov 2013 20:13:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1K53dFnEwU4p; Thu, 7 Nov 2013 20:13:42 -0800 (PST)
Received: from mail-we0-x22c.google.com (mail-we0-x22c.google.com [IPv6:2a00:1450:400c:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id B271F21E80A3; Thu, 7 Nov 2013 20:13:41 -0800 (PST)
Received: by mail-we0-f172.google.com with SMTP id q58so1431905wes.17 for <multiple recipients>; Thu, 07 Nov 2013 20:13:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=px+wSKN/7rN+Gs60M9rdqFpphi0ZWRcfGqbkQH5aimI=; b=RrxE+JOLYaBJEHwvvY+n8UfhO3Z8lPuE0jcHvp/scDC75SczvcPqYszTxISQO1LwjL +M/eX8JGrM0Xfu3ZpZCkE/kIzyOmjRekqZg/qJyt+fUDH1/XyuhPk/nSPBuTpRalSZXK q4R/0NvY7/8Xxo5R74eP//Fh8aXdWUHi98MAGQdzajCL7w3j21ZQm7jGi65+zY5HQZMO 8HrHB4B2m2ltnjxdrN9eTAZwU/YpYM9xaSvmdby8oHkZGe9TCaokFPF96S2T3BuAegaz PQZSnqrux9R0c7EflUOjn6kvRsRjw9mphMfnbWDtXgsqx9aKwGA5NLPQiV0TDvPYuX9y OM0Q==
MIME-Version: 1.0
X-Received: by 10.180.160.212 with SMTP id xm20mr620751wib.23.1383884018218; Thu, 07 Nov 2013 20:13:38 -0800 (PST)
Received: by 10.180.93.167 with HTTP; Thu, 7 Nov 2013 20:13:38 -0800 (PST)
Date: Thu, 7 Nov 2013 20:13:38 -0800
Message-ID: <CADajj4bSQv-v1L7HTNo+Z9L9pnPvPU1D5N0U+NXa4hV5nPs2xQ@mail.gmail.com>
From: =?ISO-8859-1?Q?Magnus_Nystr=F6m?= <magnusn@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-asaeda-mboned-explicit-tracking@tools.ietf.org
Content-Type: multipart/alternative; boundary=047d7b624d3450ff6304eaa29b2b
Cc: "iesg@ietf.org" <iesg@ietf.org>
Subject: [secdir] Security directorate reveiw of draft-asaeda-mboned-explicit-tracking
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2013 04:13:42 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes a tracking function for multicast routers and
proxies, intended to reduce latencies and network traffic, among other
things.

The document seems well written but the security considerations sections
makes vague references to "serious threats" that may be introduced by
malicious hosts on the network yet only states that "abuse" can be
mitigated by limiting the amount of information a router can store (which
seems like a given anyway?). It would be good if the document enumerated
the "serious threats" and their mitigations.

-- Magnus