[secdir] Secdir review of draft-ietf-teas-te-express-path-03
"Christian Huitema" <huitema@huitema.net> Tue, 29 September 2015 04:57 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1AE1A03AA for <secdir@ietfa.amsl.com>; Mon, 28 Sep 2015 21:57:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.801
X-Spam-Level:
X-Spam-Status: No, score=0.801 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gr1iRobg1G1T for <secdir@ietfa.amsl.com>; Mon, 28 Sep 2015 21:57:37 -0700 (PDT)
Received: from xsmtp12.mail2web.com (xsmtp12.mail2web.com [168.144.250.177]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11B851A03A5 for <secdir@ietf.org>; Mon, 28 Sep 2015 21:57:37 -0700 (PDT)
Received: from internal.xmail02.myhosting.com ([10.5.2.12] helo=xmail02.myhosting.com) by xsmtp12.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <huitema@huitema.net>) id 1Zgmys-0006Yo-8I for secdir@ietf.org; Tue, 29 Sep 2015 00:57:36 -0400
Received: (qmail 18569 invoked from network); 29 Sep 2015 04:57:32 -0000
Received: from unknown (HELO huitema1) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail02.myhosting.com (qmail-ldap-1.03) with ESMTPA for <draft-ietf-teas-te-express-path@tools.ietf.org>; 29 Sep 2015 04:57:32 -0000
From: Christian Huitema <huitema@huitema.net>
To: iesg@ietf.org, 'secdir' <secdir@ietf.org>, draft-ietf-teas-te-express-path@tools.ietf.org
Date: Mon, 28 Sep 2015 21:57:36 -0700
Message-ID: <00c301d0fa73$5d0053f0$1700fbd0$@huitema.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00C4_01D0FA38.B0A17BF0"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdD6cUGBKeVv7UUNSbGaXvmeokPjrg==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/IWH4_x3QCs1LSqDRze8FFm_Ujtw>
Subject: [secdir] Secdir review of draft-ietf-teas-te-express-path-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 04:57:39 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is ready for publication as an informational RFC. Draft-ietf-teas-te-express-path provides considerations on the use of performance criteria such as delay, loss and jitter when performing path selection when using routing protocols IS-IS or OSPF. The document warns developers against using poor criteria and causing oscillation. It provides guidance on the handling of paths whose measured criteria have changed. The security section states that This document is not currently believed to introduce new security concerns. Well, I currently believe that the authors may be correct about that. The only potential attack that I can think of would involve subtle manipulations of the criteria measurements in order to induce path oscillations. Such attack scenario does not feel very realistic or very serious. In any case that would not be a new attack due to this specific draft, but rather an existing attack on IS-IS or OSPF. -- Christian Huitema
- [secdir] Secdir review of draft-ietf-teas-te-expr… Christian Huitema