Re: [secdir] Secdir review of draft-ietf-mpls-tp-mip-mep-map-09

"Adrian Farrel" <adrian@olddog.co.uk> Sat, 07 September 2013 03:25 UTC

From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Vincent Roca' <vincent.roca@inria.fr>
References: <20500220-AB0E-46C7-B3EE-5738C7D8446F@inria.fr>
In-Reply-To: <20500220-AB0E-46C7-B3EE-5738C7D8446F@inria.fr>
Date: Sat, 07 Sep 2013 04:24:47 +0100
Message-ID: <0bb101ceab79$d1c0d070$75427150$@olddog.co.uk>
Cc: 'IESG' <iesg@ietf.org>, draft-ietf-mpls-tp-mip-mep-map.all@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-tp-mip-mep-map-09

Hi Vincent,

Thanks for your time.

> This document refers to [RFC6371] and [RFC6941] for detailed security
> discussions. I have no problem with that. However I have two comments:
> 
> 1/ It says:
>    "Implementations therefore are required to offer security mechanisms
>     for OAM.  Deployments are strongly advised to use such mechanisms."
> These sentences do not use the RFC2119 key words. Is that deliberate?

Yes.
This is an Informational and Design Considerations document, not a protocol
spec.
The normal English language seemed perfectly fine for conveying the consensus of
the WG.

> 2/ I really have problems understanding the following claim:
>    "Mixing of per-node and per-interface OAM on a single node is not
>    advised as OAM message leakage could be the result."
> Can you be more explicit in the I-D? It's important since it's probably not
> discussed in [RFC6371] and [RFC6941].

It seemed to the authors (and the WG - in fact, I recall this text coming from
the WG review) that an implementation that attempts to handle per interface OAM
and per node OAM is almost certain to get confused and send the wrong OAM
messages at the wrong time.

I would not go as far as to suggest that the quoted text is particularly
important, and the only way I can think to clarify it would be by adding "unless
an implementation is particularly well designed and tested."

> Minor comments:
> 
> ** MEP is used without being defined.

You're right!
Amazed that it slipped through. Thanks.

Cheers,
Adrian