Re: [secdir] Secdir last call review of draft-ietf-manet-dlep-pause-extension-05
Lou Berger <lberger@labn.net> Wed, 03 April 2019 22:07 UTC
Return-Path: <lberger@labn.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 473E61202A6 for <secdir@ietfa.amsl.com>; Wed, 3 Apr 2019 15:07:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zeibDU5dCKz2 for <secdir@ietfa.amsl.com>; Wed, 3 Apr 2019 15:07:04 -0700 (PDT)
Received: from outbound-ss-879.bluehost.com (outbound-ss-879.bluehost.com [69.89.30.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3CAA120161 for <secdir@ietf.org>; Wed, 3 Apr 2019 15:07:03 -0700 (PDT)
Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy2.mail.unifiedlayer.com (Postfix) with ESMTP id 20ED31E0AA8 for <secdir@ietf.org>; Wed, 3 Apr 2019 16:06:59 -0600 (MDT)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id Bo26hjhbJVLCbBo26hE78Q; Wed, 03 Apr 2019 16:06:59 -0600
X-Authority-Reason: nr=8
X-Authority-Analysis: $(_cmae_reason
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:From:References:Cc:To:Subject:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=EVFLSlff3169fHxVIx7BmZdbAN+X+HYRKuKOIht76G0=; b=w4hXRXVkZeAnSc7HaPU8kFhPcM TY5NDh+EUzt2RqHnMG9zEWByk/Hee7zoc9IjIKat8hdy2b2p2a2N5q2xFgz2S6txEFAZv1n50MJul GFV+Kk9rMGqx25U6sknVoP2Qp;
Received: from pool-72-66-11-201.washdc.fios.verizon.net ([72.66.11.201]:47382 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <lberger@labn.net>) id 1hBo26-000ow6-On; Wed, 03 Apr 2019 16:06:58 -0600
To: Stephen Kent <kent@alum.mit.edu>, secdir@ietf.org
Cc: draft-ietf-manet-dlep-pause-extension.all@ietf.org, manet@ietf.org, ietf@ietf.org
References: <155309526492.14741.18141095676597911076@ietfa.amsl.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <6dddf23c-806a-d8ab-7f65-ac7b0855deac@labn.net>
Date: Wed, 03 Apr 2019 18:06:57 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <155309526492.14741.18141095676597911076@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 72.66.11.201
X-Source-L: No
X-Exim-ID: 1hBo26-000ow6-On
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-72-66-11-201.washdc.fios.verizon.net ([IPv6:::1]) [72.66.11.201]:47382
X-Source-Auth: lberger@labn.net
X-Email-Count: 2
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/PVJhOnQ8_Q27uwpt4fGkrThbHOo>
Subject: Re: [secdir] Secdir last call review of draft-ietf-manet-dlep-pause-extension-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 22:07:08 -0000
Hi Steve, Thanks for the comments! On 3/20/2019 11:21 AM, Stephen Kent via Datatracker wrote: > Reviewer: Stephen Kent > Review result: Has Nits > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written with the intent of improving security requirements and > considerations in IETF drafts. Comments not addressed in last call may be > included in AD reviews during the IESG review. Document editors and WG chairs > should treat these comments just like any other last call comments. > > Review Summary: Ready with nits > > This brief document defines and extension to DLEP That enables a modem to use > DLEP to pause and resume inbound traffic from a specific peer. DLEP (RFC 8175) > cites GTSM as a security mechanism, which is rather weak, but it says that > implementations SHOULD use TLS (1.2), which is fine. > > The text states that “An example of when a modem might send this data item is > when an internal queue length exceeds a particular threshold.” However, all of > details of this data item seem to focus exclusively on queues. Thus it seems > likely that this is not just an example, but, rather, the primary motivation > for introducing the pause extension. A slight rewording of the text here seems > appropriate, or the authors could describe other (not-queue-based) examples. fair point, how about: OLD: An example of when a modem might send this data item is when an internal queue length exceeds a particular threshold. NEW: The motivating use case is for this data item is when a modem's internal queue length exceeds a particular threshold. Other use cases are possible, e.g., when there a non queue related congestion points within a modem, but such are not explicitly described in this document. > The Security Considerations section of 8175 addresses a reasonable range of > concerns. Thus it is appropriate that this document’s Security Considerations > section is very brief, as it cites the corresponding section in 8175. I suggest > a couple of minor change to the wording here: > > “The extension does not inherently introduce any additional threats … > -> > “The extension does not inherently introduce any additional vulnerabilities …” > > “ … but this is not a substantively different threat by …” > -> > “ … but this is not a substantively different attack by …” > > There are numerous examples of awkward/poor phrasing throughout the document, > which I hope the RFC Editor will correct, e.g., > > Abstract: > “…to the DLEP protocol …” -> “… to DLEP …” Hopefully these have already been corrected, if not I'm sure the editor will help us out. > page 7: > > “A modem can indicate that traffic is to be suppressed on a device wide or > destination specific basis.” > > “A modem can indicate that traffic is to be suppressed on a device- wide or > destination-specific basis.” Thanks. > “This includes that to indicate that transmission can resume to all > destinations …” > > “Thus, to indicate that transmission can resume to all destinations, …” I'm not sure thus is quite right, but will revise! Thanks again!, Lou > >
- [secdir] Secdir last call review of draft-ietf-ma… Stephen Kent via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Lou Berger
- Re: [secdir] Secdir last call review of draft-iet… Stephen Kent