[secdir] secdir review of draft-ietf-pwe3-redundancy-06
Radia Perlman <radiaperlman@gmail.com> Mon, 19 March 2012 22:22 UTC
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF5DC21F885D; Mon, 19 Mar 2012 15:22:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.843
X-Spam-Level:
X-Spam-Status: No, score=-3.843 tagged_above=-999 required=5 tests=[AWL=-0.244, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5YyratlH7fQy; Mon, 19 Mar 2012 15:22:23 -0700 (PDT)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id AC38121F885C; Mon, 19 Mar 2012 15:22:22 -0700 (PDT)
Received: by eaaq11 with SMTP id q11so3047198eaa.31 for <multiple recipients>; Mon, 19 Mar 2012 15:22:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=igMBIxRhnLPn5RER0beZmS0wBo9KVGjilHjjLogY+aY=; b=vA3uhnZlXNdOoj+HCNcXq+oQjaI02olDVXYF8iJ3UNfdFHf8W1MEvNFr4AKb5/X4jG RktT4B9XPuqjfeN4bDLvOPRxCZ1VA7DmixfVIrWxGSlCQT9sFTN1Wh1ZN2IM/sPIpOUU Nwp2BKHVdwHLhnvNF7JH2bOS9rv4VsGDXElygcRM9m0LaXd16WIav8pCh6iGsFmrHL9Y XJcnC1cIDRVvH+0yruOWlyBfjKS0FqG8ih8hqFGgIIntCGHwXDj7heVAs20TCxyN9ecD m54kNHd99RiZFTzlWToqV9Goy6lxCSl2s2xs9K9OP1reW6Fy2fi8jmXIgET2PVzNItmy jiNA==
MIME-Version: 1.0
Received: by 10.213.15.130 with SMTP id k2mr644747eba.129.1332195741686; Mon, 19 Mar 2012 15:22:21 -0700 (PDT)
Received: by 10.213.19.129 with HTTP; Mon, 19 Mar 2012 15:22:21 -0700 (PDT)
Date: Mon, 19 Mar 2012 15:22:21 -0700
Message-ID: <CAFOuuo5TLJpkwrej_J06mKTH2Y70yF-rvYDn2x06QQJFmCpA6g@mail.gmail.com>
From: Radia Perlman <radiaperlman@gmail.com>
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-pwe3-redundancy.all@tools.ietf.org
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Subject: [secdir] secdir review of draft-ietf-pwe3-redundancy-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 22:22:24 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This is a requirements document (intended as informational) for a routing protocol. At this level of abstraction, I don’t think there are any interesting security issues. There are some messages in the protocol that need to be communicated securely, and the security considerations section references some other RFCs and says the new messages will “inherit at least the same security properties” as the messages in those other RFCs. I didn’t look up what kind of protection existed there. The interesting routing protocol issue has to do with nesting of routing algorithms and the needed multipliers in timeouts. It would appear that pseudo-wires run over a conventional routed infrastructure and also connect parts of a conventional routed infrastructure. The spec assumes that failures within the inner routed infrastructure will heal themselves quickly enough to not be noticed by the pwe3 redundancy protocol (if they are capable of healing at all), and that pseudo-wire failover (triggered by this inner failure) will happen quickly enough to not disrupt the routing protocol that is running over the pseudo-wires. But that requirement is not explicitly acknowledged in the document, and it intuitively seems like a significant challenge. Micro-level issues: In terminology (section 2), the Primary PW is defined as the one that will be used when any one will do, and that if it goes down and comes back the PW will revert to it. But it also defines non-revertive protection switching as an option where the traffic will not switch back to the primary unless the secondary fails, and in section 4.1 it says that non-revertive protection MUST be supported and revertive is optional. Typos: Section 4.1: besupported -> be supported suported -> supported Section 4.2: Orphaned bullet
- [secdir] secdir review of draft-ietf-pwe3-redunda… Radia Perlman
- [secdir] secdir review of draft-ietf-mpls-tp-oam-… Tina TSOU
- Re: [secdir] secdir review of draft-ietf-pwe3-red… Stewart Bryant
- Re: [secdir] secdir review of draft-ietf-pwe3-red… Bocci, Matthew (Matthew)
- Re: [secdir] secdir review of draft-ietf-mpls-tp-… Sprecher, Nurit (NSN - IL/Hod HaSharon)
- Re: [secdir] secdir review of draft-ietf-mpls-tp-… Tina TSOU