Re: [secdir] Security review of draft-ietf-pce-questions-06

"Adrian Farrel" <> Thu, 17 July 2014 11:58 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 39D951A01DC; Thu, 17 Jul 2014 04:58:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -99.2
X-Spam-Status: No, score=-99.2 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MKBXmGy5QuNT; Thu, 17 Jul 2014 04:58:00 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CA7861A0AD9; Thu, 17 Jul 2014 04:57:59 -0700 (PDT)
Received: from (localhost.localdomain []) by (8.13.8/8.13.8) with ESMTP id s6HBvtrB026815; Thu, 17 Jul 2014 12:57:55 +0100
Received: from 950129200 ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id s6HBvr1Q026778 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 17 Jul 2014 12:57:53 +0100
From: Adrian Farrel <>
To: 'Eric Gray' <>, 'Ben Laurie' <>, 'IETF Discussion List' <>,
References: <> <068f01cf9b53$7fc60b30$7f522190$> <>
In-Reply-To: <>
Date: Thu, 17 Jul 2014 12:57:58 +0100
Message-ID: <041801cfa1b6$5a810b40$0f8321c0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQH4uJ9KXH6Wajq6HAA2wc6J8Axr9gJ/ZfD4AWXJRCqbMtETEA==
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-
X-TM-AS-Result: No--23.044-10.0-31-10
X-imss-scan-details: No--23.044-10.0-31-10
X-TMASE-MatchedRID: gzVbiXtWD9vRhEyb9f1sjvHkpkyUphL9fkSt9GqmKVVcKZwALwMGs49/ 6wlLhvp4qyDt8DBUTDmued80oPVHSslBBl8WJYU/BEfU2vugRF3QFyJP0HTtvja39Upg7qzqp7u eaEkDqTMUCcGijQ+ntadU6xPWHi+4q87gT7hcKkJT46Ow+EhYOH5Lmbb/xUuaZ5yuplze9psDXU JoExxkYST9NCas8YSASAQzjYmjIgFQswgj0HOv3JpWgCLYjjT9oddeo3DnwAvF8BOx7bOWqIzRE xx/TfU2cim13LKEE7DINWYNYTSoY/Gtxj+4NuNiSDkh6bW+bceUWmF9Epiq6krNh1lQnbOZo9t8 5Zz3caier62Ni/rU6ElFud27bG08Y0pFVhY0RJyzI1v7J4hECiR8aOC0Z4AonSPw4pGdVDwbBER RNLx2o9ePBxJDl9ljP9QK0j0PSltCFB88XbRv2T2wBi8e6DsKIaVkFIrQFhscZFsYO/SuCC6rIz 8N2yWt585VzGMOFzABi3kqJOK62QtuKBGekqUpPjKoPgsq7cA=
Subject: Re: [secdir] Security review of draft-ietf-pce-questions-06
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Jul 2014 11:58:02 -0000

Hi Eric,

Ben has clarified...

> I prefer 1 [Add security-related text to each section of this document], that
> way the security advice is likely to be read by whoever reads that section - 
> that is, by the people who are likely to benefit from it.

I've agreed to look at this, but i find myself a tiny bit busy. There is a meeting I have to go to at the end of the week and I have to prepare some material.

Will get to this in due course.


> -----Original Message-----
> From: Eric Gray []
> Sent: 17 July 2014 02:15
> To:; 'Ben Laurie'; 'IETF Discussion List';
> Cc:
> Subject: RE: Security review of draft-ietf-pce-questions-06
> Adrian,
> 	I think it might be useful to have a little more information in the Security
> Considerations section.
> 	For the example Ben gives, for example, the draft could include text in
> the SC section that makes the point Ben made and refers to the RFCs (or other
> places) where these issues have been discussed or addressed.
> 	I am not sure the suggestion was to put security text in each section so
> much as to put pointers to relevant places where (admittedly not new) security
> issues have already been hashed out.
> 	I don't think this would be the first draft that had an SC section listing
> the issues (old or new) that apply to other sections in the same draft.
> --
> Eric
> -----Original Message-----
> From: ietf [] On Behalf Of Adrian Farrel
> Sent: Wednesday, July 09, 2014 4:55 AM
> To: 'Ben Laurie'; 'IETF Discussion List';
> Cc:
> Subject: RE: Security review of draft-ietf-pce-questions-06
> Hi Ben,
> Thanks for taking the time to review this document and for posting your
> comments to the IETF discussion list so that we can consider them as last call
> comments.
> [snip]
> > The security considerations section makes this claim:
> >
> > "This informational document does not define any new protocol elements
> > or mechanism.  As such, it does not introduce any new security
> > issues."
> >
> > I agree with the premise, but not the conclusion: just because an RFC
> > does not introduce new security issues, that does not mean that there
> > are no security considerations.
> >
> > Indeed, this RFC discusses many things that have quite serious
> > security considerations, without mentioning any of them. For example,
> > section 4 "How Do I Find My PCE?" (the very first question) advocates
> > a number of potentially completely insecure mechanisms with no mention
> > of their security properties (or otherwise). This is obviously
> > pervasive, given the stance taken in the security considerations.
> >
> > The document does mention that RFC 6952 gives a security analysis for
> > PCEP, and perhaps this is sufficient but it seems to me that a
> > document intended to give useful background information to noobs
> > should include security directly in that information rather than defer
> > to another giant document (which mixes PCEP info with other
> > protocols).
> I don't believe that this document is strong on "advocacy", but discusses which
> tools are out there and what some people do.
> Previous PCE RFCs have given some attention to security concerns in the use of
> PCE (RFC 4655), PCE discovery (RFC 4674, RFC 5088. RFC 5089), and the PCEP (RFC
> 4657 and RFC 5440). As such, "PCE Security" was not deemed by the authors to be
> a previously "unanswered question" and so did not need attention in this
> document.
> That said, you are correct that the various sections do not discuss the security
> implications relating to those sections. I would be pretty loathe to add security
> text to each section in this document: I think that would make the document
> heavy and less likely to be read by its intended consumers (it is not targeting
> "noobs" although they are welcome to read it).
> Perhaps a solution to this *is* to treat Security as an unanswered question and
> add a section "How Secure is my PCE-Enabled System?" I can't think of a lot to
> add there except for general egg-sucking guidance, but there would be a pointer
> to the TCP-AO discussions currently going on in the WG. What do you think of
> that as a way forward?
> Thanks,
> Adrian