Re: [secdir] secdir review of draft-templin-aero-10

Fred Templin <fltemplin@yahoo.com> Mon, 23 April 2012 16:31 UTC

To: Joe Salowey <jsalowey@cisco.com>, "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-templin-aero.all@tools.ietf.org" <draft-templin-aero.all@tools.ietf.org>

Hello Joe,

Thank you for these comments. Please see attached for my proposed
resolutions:

Fred
fltemplin@acm.org




>________________________________
>From: Joe Salowey <jsalowey@cisco.com>
>To: secdir@ietf.org; The IESG <iesg@ietf.org>; draft-templin-aero.all@tools.ietf.org
>Sent: Sunday, April 22, 2012 3:00 PM
>Subject: secdir review of draft-templin-aero-10
>
>I have reviewed this document as part of the security directorate's 
>ongoing effort to review all IETF documents being processed by the 
>IESG.  These comments were written primarily for the benefit of the 
>security area directors.  Document editors and WG chairs should treat 
>these comments just like any other last call comments.
>
>I apologize for the delay in getting this review out.  Hopefully it is still useful.  
>
>This first set of comments is primarily for the authors.
>
>1. In section 4.4.4 on Data origin authentication the last paragraph states that only the 3rd of the above conditions is acceptable, do you really mean the 4th?
>2. In section 4.4.4 there is reference to the packet including a digital signature to authenticate the origin.  What is the signature mechanism?  Is this SEND or something different? I did not see a reference to it.
>3. The security considerations do not say much about the consequences of trusting an inappropriate intermediate router, ingress node or egress node. Clearly DOS to the ingress node is a possibility. Data modification and disclosure can be a goal of an attacker who tries to control the routing. Are there other issues the reader should be aware of (perhaps other DOS attacks such as amplification attacks)? Anything outside the considerations of RFC4861?
>4. The security consideration section indicates that spoofing protection can be provided by links that provide link layer security mechanisms. Link Layer security mechanisms may or may not help. I believe more information is needed here. L2 mechanisms may not provide adequate protection of upper layer address bindings. In some cases L2 mechanisms do not provide source origin authentication, such as multicast traffic protected with the group key in WiFi and group security associations in 802.1AE (MACSEC).
>
>This set of comments is mostly for the area directors:
>
>1. I am mostly concerned about the lack of definition for the digital signature mechanism. Perhaps this is easily rectified by a reference to an existing specification. It's not clear to me what the specification would be (perhaps SEND??)? Is something needed in addition?
>2. The risks of not securing the proposal are not defined in the security considerations section. I think this would be helpful, but may not be strictly necessary. There is some mention of Link-Layer security helping in some aspects of this, but it's not clear on what characteristics the lower layer security needs to provide.
>
>Cheers,
>
>Joe
>
>