[secdir] SECDIR Review of draft-zeilenga-ldap-dontusecopy-08
Phillip Hallam-Baker <hallam@gmail.com> Thu, 07 October 2010 00:42 UTC
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes what is essentially a 'send original, not cached' flag for LDAP.

The only security issue I can see here is that the following does not give the purpose very clearly:

   4. Security Considerations

   This control is intended to be provided where providing service using copied information might lead to unexpected application behavior. Designers of directory applications should consider where it is appropriate for clients to provide this control. Designers should consider whether use of copied information, in particular security and policy information, may result in insecure behavior.

I would suggest the following instead:

   4. Security Considerations

   This control is intended to be provided where providing service using copied information might lead to unexpected application behavior.

   Use of the Don't Use Copy control may permit an attacker to perform or amplify a Denial of Service attack by causing additional server resources to be employed.

   LDAP is frequently used for storage and distribution of security sensitive information, including access control and security policy information. Failure to use the Don't Use Copy control may thus permit an attacker to gain unauthorized access by allowing reliance on stale data.

The meaning is unchanged, but the additional context might help the reader.

--
Website: http://hallambaker.com/
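As an added illustration (not the draft's text and not the reviewer's code), the following Python encodes the Don't Use Copy control on the wire and models the two risks the review names: stale replica data answering a policy lookup, and the extra master-server load a forced fresh read causes. The OID 1.3.6.1.1.22 and the criticality-TRUE/no-value rule are assumed from the RFC this draft was published as (RFC 6171); the DirectoryServer class, its per-client budget, and the directory entries are a hypothetical mitigation and constructed sample data.

```python
from collections import Counter

DONT_USE_COPY_OID = "1.3.6.1.1.22"   # assigned by RFC 6171 (assumed from the RFC, not the page)

def _ber(tag: int, body: bytes) -> bytes:
    """Minimal BER TLV, short-form length only (ample for a control)."""
    if len(body) > 127:
        raise ValueError("short-form length only")
    return bytes([tag, len(body)]) + body

def encode_dont_use_copy_control() -> bytes:
    """Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN }.
    The RFC requires criticality TRUE and no controlValue."""
    return _ber(0x30, _ber(0x04, DONT_USE_COPY_OID.encode("ascii")) + _ber(0x01, b"\xff"))

def decode_controls(blob: bytes) -> list:
    """Parse concatenated BER Control SEQUENCEs into (oid, critical) pairs.
    Short-form lengths only; criticality defaults to FALSE when absent."""
    out, i = [], 0
    while i < len(blob):
        if blob[i] != 0x30:
            raise ValueError("expected Control SEQUENCE")
        end, j = i + 2 + blob[i + 1], i + 2
        if blob[j] != 0x04:
            raise ValueError("expected LDAPOID")
        oid_len = blob[j + 1]
        oid = blob[j + 2 : j + 2 + oid_len].decode("ascii")
        j += 2 + oid_len
        critical = j < end and blob[j] == 0x01 and blob[j + 2] != 0
        out.append((oid, critical))
        i = end
    return out

class DirectoryServer:
    """Constructed toy server: 'replica' may lag 'master'. A Don't Use Copy
    request forces a master read; the per-client budget (hypothetical
    mitigation) bounds the extra load the review warns about."""
    def __init__(self, master: dict, replica: dict, budget: int = 2):
        self.master, self.replica, self.budget = master, replica, budget
        self.used = Counter()

    def search(self, client: str, dn: str, controls: bytes = b"") -> tuple:
        want_master = any(oid == DONT_USE_COPY_OID and crit
                          for oid, crit in decode_controls(controls))
        if not want_master:
            return ("replica", self.replica.get(dn))   # possibly stale
        if self.used[client] >= self.budget:
            return ("refused", None)                   # e.g. unwillingToPerform
        self.used[client] += 1
        return ("master", self.master.get(dn))
```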