Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05

Eric Osborne <eric@notcom.com> Wed, 14 May 2014 12:49 UTC

Return-Path: <eric@notcom.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 060231A0074 for <secdir@ietfa.amsl.com>; Wed, 14 May 2014 05:49:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dO11CkfxxU0c for <secdir@ietfa.amsl.com>; Wed, 14 May 2014 05:49:28 -0700 (PDT)
Received: from mail-yh0-f49.google.com (mail-yh0-f49.google.com [209.85.213.49]) by ietfa.amsl.com (Postfix) with ESMTP id A45641A0078 for <secdir@ietf.org>; Wed, 14 May 2014 05:49:26 -0700 (PDT)
Received: by mail-yh0-f49.google.com with SMTP id c41so1595013yho.8 for <secdir@ietf.org>; Wed, 14 May 2014 05:49:19 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=4DHr0P9AsqbPYJEYYeo23pMtTTP1gdbGXGQ6+2vRe1I=; b=jEugzeka776PNfZD/ek2ZKm/4VC6rpoUZfUy2i1teJkCwVa+jHMfp1+swc7s7ZGWo6 9k0kzu2Uynf5X3DVmsY7beCyOXkK2AHsB6FYWnQtjr+3/vFJUbSs5itwP1g43mnJQl6Z dnpZFAp0T/CtMzuMiX+Mif3lTJL8W2fxti+gmcnH12EbSgO2hRy/IqVHTqU7ga/+L+4W AcrJbcfTzMmBHlKsGCR87YBeOsnVfcMA3A+sc+sxkXqNmct5OAnX/WUX+acBQiY+p8Mm V2o4m1VHWltDT3Y/ypmjWPxppFzc4lDrAPH051oEhV+JwewBK98qxY13n2XOtrE1hOLx v8fw==
X-Gm-Message-State: ALoCoQkysOi265psbqqNBxCsBxb5XTea1zgqteIhJ3kjykjQRZEKjkyEwA3fdKp4nVN+KKcLeTop
MIME-Version: 1.0
X-Received: by 10.236.93.195 with SMTP id l43mr5314661yhf.40.1400071759788; Wed, 14 May 2014 05:49:19 -0700 (PDT)
Received: by 10.170.60.20 with HTTP; Wed, 14 May 2014 05:49:19 -0700 (PDT)
In-Reply-To: <08c801cf6e05$0d200d90$276028b0$@olddog.co.uk>
References: <EA9D0543-BF2E-40B9-BA7A-76F145E64CA7@inria.fr> <08c801cf6e05$0d200d90$276028b0$@olddog.co.uk>
Date: Wed, 14 May 2014 08:49:19 -0400
Message-ID: <CA+97oKPfUSyTOWYqut1dyhGWjU4Stto9-EkErjCN7x1M7RD+Eg@mail.gmail.com>
From: Eric Osborne <eric@notcom.com>
To: Adrian Farrel <adrian@olddog.co.uk>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/IWmODi1QUGydnl_DRForAg9CcU0
X-Mailman-Approved-At: Wed, 14 May 2014 05:51:33 -0700
Cc: secdir@ietf.org, IESG <iesg@ietf.org>, "draft-ietf-mpls-psc-updates@tools.ietf.org" <draft-ietf-mpls-psc-updates@tools.ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 May 2014 12:49:29 -0000

Does 6941 go down as normative or informative?  My guess is informative.




eric

On Mon, May 12, 2014 at 1:10 PM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> Hi Vincent,
>
>
>
> Good points, but s/6378/6941/
>
>
>
> Adrian
>
>
>
> From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Vincent Roca
> Sent: 12 May 2014 18:03
> To: IESG; draft-ietf-mpls-psc-updates@tools.ietf.org; secdir@ietf.org
> Cc: Vincent Roca
> Subject: Secdir review of draft-ietf-mpls-psc-updates-05
>
>
>
> Hello,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
>
>
> IMHO, the document is Almost ready.
>
>
>
>
>
> The author claims this document "raise[s] no new security concerns".
>
> I think the author is right, however I have two comments:
>
>
>
> - it's preferable to mention explicitely that RFC 6378 provides the baseline
>
>   security discussion and that it also applies to the present document.
>
>
>
> - Making sure an implementation behaves correctly in front of malformed
>
>   messages is typically something that should be mentioned/discussed in the
>
>   Security Section. This is the case in section 2.3 "Error handling".
>
>   Can an attacker through malformed/unexpected messages (e.g., with fuzzing)
>
>   launch a DoS?
>
>   I don't suggest to move section 2.3 in the Security Discussion section,
> but
>
>   rather to add a sentence in the Security Section explaining that this
> document
>
>   in section 2.3 also clarifies how to react in front of
> malformed/unexpected
>
>   messages (which is essential from a security point of view).
>
>
>
> Cheers,
>
>
>
>     Vincent