[secdir] secdir review of draft-ietf-bfd-rfc5884-clarifications-02

Stephen Kent <kent@bbn.com> Tue, 06 October 2015 20:03 UTC

To: secdir <secdir@ietf.org>, aldrin.ietf@gmail.com, nobo.akiya.dev@gmail.com, kalyanir@cisco.com, venggovi@cisco.com, 'Jeffrey Haas' <jhaas@pfrc.org>, "Alvaro Retana (aretana)" <aretana@cisco.com>, db3546@att.com
From: Stephen Kent <kent@bbn.com>
Message-ID: <56142920.5080402@bbn.com>
Date: Tue, 6 Oct 2015 16:03:44 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/GpH4m9rCBut3tWdYmwaFxpZz71s>

I reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written with the intent of improving security requirements
and considerations in IETF drafts. Comments not addressed in last call
may be included in AD reviews during the IESG review. Document editors
and WG chairs should treat these comments just like any other last call 

This document is intended to clarify RFC 5584, which describes BFD for 
MPLS LSPs (try saying that quickly 5 times!).

I didn’t find any security problems with this very brief document.

The Security Considerations section refers to the RFC being “clarified” 
and additionally cites RFC 4379. RFC 4379 contains a reasonable Security 
Considerations section. RFC 5584 contains a 1-paragraph Security 
Considerations section that cites 4 RFCs: 5880, 5883, 4379, and 5290. 
RFC 5880 is the base document for BFD, and it contains a 2-page Security 
Considerations section, although several portions of the text are out of 
date. RFC 5883 contains a trivial, 1 paragraph Security Considerations 
section. RFC 4379 contains a decent 1-page Security Considerations 
section. RFC 5290 is the MPLS/GMPLS Security Framework, a substantial 
document discussing security for MPLS.

Considering the focus of this document and its 6-page length, its 
references to the Security Considerations sections of the other RFCs