[secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 26 April 2016 12:48 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AD4B12D1B7; Tue, 26 Apr 2016 05:48:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rhjo2-kYNwPf; Tue, 26 Apr 2016 05:48:12 -0700 (PDT)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 093B212D1B6; Tue, 26 Apr 2016 05:48:12 -0700 (PDT)
Received: by mail-lf0-x22d.google.com with SMTP id c126so16507881lfb.2; Tue, 26 Apr 2016 05:48:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to; bh=4j7Fqb5x9Sz91jifcn4FfbxosR8OfyAwrndrpW/n9sI=; b=SiVCANasSg4JKkQhVf5EAxc7reHXEaj+8VXjcM12UzHUrR37kB4jX1Z9p0nUEQ3pmp 4RM2H5ecyGBe7s2e/PStBuQoEGZLPS22Ddna4XwlmpjFlYTlE0kqmVaug5hNeHoZTve+ Ogc/kgiW35YpKyghxjhWCoYysUbtULcxLNwP1GjULq9iBdxV1aCIsEPL0wzAUu1jnuYt 1n/yTeWmxuwqdusdqEuEo1eza3nhaiCJ11PPnOf+ZElaUWbT0lx0c+eAGt0gaWgsmJAt u2GzhJJ+yVFgRiQ61yej094U8wmeD7RfBNZKsoZz1eiPH7W7qD+BMwxEtLUf96Pf5Lc0 dimQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:date:message-id:subject:from :to; bh=4j7Fqb5x9Sz91jifcn4FfbxosR8OfyAwrndrpW/n9sI=; b=j7RDBaBClsP+KcwiEVYmqk5xjzkbjVtlP61IaikF/7pKAWMVq6cgriyQPoTAJ9/+rc fwVcekeFiAel2hNz0u/9wjIC8LANKdyFcwvGe7yOyuPBLifbYZpG3jL/LXMLMUPWsaFg Fm9mIw6r9SDqdKIdhaTUwq9wN/xCmNsscEwvOJEpATU/evl02p+ee/9J6YDgpWSp/gcb 6uocAXTBFq9SWXZF+Z0Z1JMOJpL35t+YwF3P4Jdq0u/sdkPvqjyxiPu8ch0i7yIM22O0 zisnA/J5b1ePnKHKOUlCNKj/kc+EAvo3jLRP5YLbQfct1rRxU/2yk/hGIV1UPfokbkFS NP4g==
X-Gm-Message-State: AOPr4FWMme+w5NvG9y0yceUSf5IuhBk8ikIOKsrXC034CRvrljCWAgF37OcsgOu66Wim5MqHkArJ3sqUOTD/mw==
MIME-Version: 1.0
X-Received: by 10.112.135.4 with SMTP id po4mr1245075lbb.112.1461674890025; Tue, 26 Apr 2016 05:48:10 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.3.102 with HTTP; Tue, 26 Apr 2016 05:48:09 -0700 (PDT)
Date: Tue, 26 Apr 2016 08:48:09 -0400
X-Google-Sender-Auth: kYSLYmBHM62py0cRpcUwahmVtIA
Message-ID: <CAMm+Lwho5C8JzQ92Nk4mQjjhwKG0gvus=xH5G0e6s9smEg=DNg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-pals-seamless-vccv.all@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Pq1B1ZVnVGznwkhjBjGIwOJmdsQ>
Subject: [secdir] SECDIR review of draft-ietf-pals-seamless-vccv-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 12:48:13 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.


This document is an incremental change to a layer 2 virtualization
layer (Software Defined Networking). As such it properly references
RFC5085 for security considerations.

That said, I am a bit surprised at the security considerations in
RFC5085 which points out that denial of service is an issue but not
the introduction of a new set of opportunities for interception. This
is surprising given that BGP interception had already been used in
international hostilities when the RFC was published.

Further the proposed solution is to sprinkle on some magic IPSEC dust
or equivalent. While that might be an appropriate approach in an
experimental protocol, it is hardly adequate for a production protocol
with implications for Internet security as a whole.

Given the critical function of this layer and the date of its
inception, I would expect to see a comprehensive security architecture
developed as part of the overall scheme.