[secdir] Secdir review of draft-cardenas-dff

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 19 February 2013 21:40 UTC

Greetings again. draft-cardenas-dff, "Depth-First Forwarding in Unreliable Networks (DFF)", describes an experimental protocol that lets the network try to heal routing problems with messages in the data plane (instead of in the control plane). The protocol will change the routing of future packets in a way very similar to the way routing changes do today.

The security considerations section seems complete and well thought-out. Basically, it says "content of redirected packets is out of scope, as is upper-layer security", which seems fine. It discusses the main concern, which is this protocol making some denial-of-service attacks a bit easier, and does so fairly completely.

--Paul Hoffman