IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-pwe3-redundancy-06

Stewart Bryant <stbryant@cisco.com> Thu, 05 April 2012 17:03 UTC

Return-Path: <stbryant@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1A6B21F8775; Thu, 5 Apr 2012 10:03:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.479
X-Spam-Level:
X-Spam-Status: No, score=-110.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rTNtwB8SW4VQ; Thu, 5 Apr 2012 10:03:35 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id BD87721F8767; Thu, 5 Apr 2012 10:03:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=stbryant@cisco.com; l=2567; q=dns/txt; s=iport; t=1333645415; x=1334855015; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=nh3VLII6ax8/QTKFtpL5/VSr+/L/qpOrvOt2Lkrmf3Q=; b=iC6R4W3VVxKGgoJpphzNWUWxHbmq+j02YPSedViarUF0hJa/Ddb3/XJb BQOAxcCTdVA5cuztbipPC0dKUBFLB+gnvf1ynxwQvUoqZAymYOrEK6I8V gtIuW3y0rU1clrZ1gxfI0jb6nvSal3Z9a56Cm6lRI/sJpGQ7qhL+Okhpe 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAL/PfU+Q/khM/2dsb2JhbABFuG+BB4IJAQEBBBIBAhILAQVAARALGAkWDwkDAgECAUUGDQEHAQEeh2wLmwSDPBCcI5BaBJVrjkuBAmeCaA
X-IronPort-AV: E=Sophos;i="4.75,377,1330905600"; d="scan'208";a="70236693"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by ams-iport-2.cisco.com with ESMTP; 05 Apr 2012 17:03:33 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id q35H3XK9008509; Thu, 5 Apr 2012 17:03:33 GMT
Received: from dhcp-bdlk10-data-vlan300-64-103-107-147.cisco.com (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id q35H3XXq028868; Thu, 5 Apr 2012 18:03:33 +0100 (BST)
Message-ID: <4F7DD065.3030105@cisco.com>
Date: Thu, 05 Apr 2012 18:03:33 +0100
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Radia Perlman <radiaperlman@gmail.com>
References: <CAFOuuo5TLJpkwrej_J06mKTH2Y70yF-rvYDn2x06QQJFmCpA6g@mail.gmail.com>
In-Reply-To: <CAFOuuo5TLJpkwrej_J06mKTH2Y70yF-rvYDn2x06QQJFmCpA6g@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: draft-ietf-pwe3-redundancy.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-pwe3-redundancy-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2012 17:03:35 -0000

Authors

Please can you answer or address these comments

Thanks

Stewart


On 19/03/2012 22:22, Radia Perlman wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This is a requirements document (intended as informational) for a
> routing protocol.
>
>
>
> At this level of abstraction, I don’t think there are any interesting
> security issues. There are some messages in the protocol that need to
> be communicated securely, and the security considerations section
> references some other RFCs and says the new messages will “inherit at
> least the same security properties” as the messages in those other
> RFCs. I didn’t look up what kind of protection existed there.
>
>
>
> The interesting routing protocol issue has to do with nesting of
> routing algorithms and the needed multipliers in timeouts. It would
> appear that pseudo-wires run over a conventional routed infrastructure
> and also connect parts of a conventional routed infrastructure. The
> spec assumes that failures within the inner routed infrastructure will
> heal themselves quickly enough to not be noticed by the pwe3
> redundancy protocol (if they are capable of healing at all), and that
> pseudo-wire failover (triggered by this inner failure) will happen
> quickly enough to not disrupt the routing protocol that is running
> over the pseudo-wires.
>
>
>
> But that requirement is not explicitly acknowledged in the document,
> and it intuitively seems like a significant challenge.
>
>
>
> Micro-level issues:
>
>
>
> In terminology (section 2), the Primary PW is defined as the one that
> will be used when any one will do, and that if it goes down and comes
> back the PW will revert to it. But it also defines non-revertive
> protection switching as an option where the traffic will not switch
> back to the primary unless the secondary fails, and in section 4.1 it
> says that non-revertive protection MUST be supported and revertive is
> optional.
>
>
>
> Typos:
>
>
>
> Section 4.1:
>
> besupported ->  be supported
>
> suported ->  supported
>
>
>
> Section 4.2:
>
> Orphaned bullet
>


-- 
For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html

v2.23.0 | Report a Bug | By Email