Re: [secdir] secdir review of draft-ietf-6man-flow-3697bis

Sean Turner <turners@ieca.com> Mon, 11 July 2011 21:01 UTC

To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: draft-ietf-6man-flow-3697bis@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org

On 7/11/11 4:54 PM, Brian E Carpenter wrote:
> Richard,
>
> Thanks for the review.
>
> On 2011-07-12 01:17, Richard L. Barnes wrote:
>> I have reviewed this document as part of the security
>> directorate's ongoing effort to review all IETF documents
>> being processed by the IESG.  These comments were written
>> primarily for the benefit of the security area directors.
>> Document editors and WG chairs should treat these comments
>> just like any other last call comments.
>>
>> This document describes how end hosts and intermediate nodes
>> should populate and handle the IPv6 flow label field.  The
>> document spends a fair bit of time discussing security
>> considerations related to the flow label and its relation to
>> IPsec in particular.  Overall, the document does a thorough
>> job of discussing security considerations, and I don't think
>> there's anything they've clearly missed.
>>
>> The only request I would have would be for the authors to add
>> a little more discussion around the "theft of service"
>> threat.  It would be helpful to detail the
>> assumptions/circumstances under which this threat arises --
>> namely that networks provide resources based on flow label
>> and flow label values are set by end hosts.
>
> The difficulty about doing this is that (as the WG wanted) we
> have dropped almost all of the discussion of flow state
> establishment methods, which is really where these risks arise.
> To be frank I think that anything we could add would be
> hand-waving.
>
>> Given the risks
>> that this document discusses, it might be worth considering a
>> recommendation that networks SHOULD NOT make resource
>> allocation decisions based on flow labels without some
>> external means of assurance.  Or some similar warning against
>> making resource decisions on a completely unsecured field.
>
> Yes, that makes sense when *not* in the stateless load
> distribution scenario.
>
>>
>> Also, purely from a terminology perspective, I found the
>> phrase "unintended service" confusing and less accurate than
>> the "better service" phrase used in RFC 3697.  It might be
>> better to spell this out: " ... an adversary may be able to
>> obtain a class of service that the network did not intend to
>> provide ... "
>
> Agreed.
>
> However - the I-D cutoff is upon us, so although I will post an
> update in the next few minutes, I'm afraid these changes will
> not be made before the IESG telechat.

Plan B, which some people hate, is to write up an RFC editor note (i.e., 
OLD/NEW) for Jari.

spt