Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05

Eric Osborne <eric@notcom.com> Wed, 14 May 2014 13:03 UTC

From: Eric Osborne <eric@notcom.com>
To: Vincent Roca <vincent.roca@inria.fr>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/OYB-Wua3pocKba82d371neYcD6g
Cc: "draft-ietf-mpls-psc-updates@tools.ietf.org" <draft-ietf-mpls-psc-updates@tools.ietf.org>, IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05

...
>
> - Making sure an implementation behaves correctly in front of malformed
>   messages is typically something that should be mentioned/discussed in the
>   Security Section. This is the case in section 2.3 "Error handling".
>   Can an attacker through malformed/unexpected messages (e.g., with fuzzing)
>   launch a DoS?
>   I don't suggest to move section 2.3 in the Security Discussion section, but
>   rather to add a sentence in the Security Section explaining that this document
>   in section 2.3 also clarifies how to react in front of malformed/unexpected
>   messages (which is essential from a security point of view).


I have added this to the security section.  It now reads:

---
7.  Security Considerations

   These changes and clarifications raise no new security concerns.  RFC
   6941 [RFC6941] provides the baseline security discussion for MPLS-TP,
   and PSC (both RFC 6378 and this document) fall under that umbrella.
   Additionally, Section 2.2 clarifies how to react to malformed or
   unexpected messages.

---


Is that sufficient?



eric


>
> Cheers,
>
>     Vincent