Re: [secdir] Secdir last call review of draft-ietf-mpls-flow-ident-06

Stewart Bryant <stewart.bryant@gmail.com> Thu, 01 March 2018 20:07 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74B2712025C; Thu, 1 Mar 2018 12:07:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4S8GUEyNCPGF; Thu, 1 Mar 2018 12:07:01 -0800 (PST)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A745212EC42; Thu, 1 Mar 2018 12:06:57 -0800 (PST)
Received: by mail-wm0-x22a.google.com with SMTP id s206so47864wme.0; Thu, 01 Mar 2018 12:06:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=7QivAaMO5rnXrYYr8xrKROfGXXyKXxAF5GxDXuCpq+I=; b=b7IhYo96krrY165YhBdSIw4cWKMWlO+k3oNuwm4pQWYiw8TgnmBdUBs9yxq4v+lho4 4HJEzuD+bTeryxUxTUQRpar1YT+RjolKRoT6s8ArCiXqOUFv1MhU9fqA6iV0/ccoAB4j okkORM3cn9BIw6RUyunvn6DdFXaa4urOk8lUCf5aZ3KyA9F5bWL03jtCM2Qq/PDQ12g1 /HOPC/V+mZupD19UnKcuaMYj6Csri5mhMqwEIxSuNPalwkz7/PqG8PnniK/pJjBBf7bZ bWgaGL4Qeo8pqSOGk7II5BR1jWwiszG0z4NVGaL2HsBqXJSBPez+jXYApA0iNPhWHKy2 0Qrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=7QivAaMO5rnXrYYr8xrKROfGXXyKXxAF5GxDXuCpq+I=; b=rkZdZvc+fectSDTCR2R6UucdOQfWO1ZAWVgBU7P8WFENCZwMJ4tMcCn/hShX0tazWM Zifq2/pE5k0payt6dSX/1ApSkeYHAE7dRD5OoqN64GTFzSX2mmaprq1ViUIye8bNScu4 saINWEsAsl1bbRGKbzGnUJtplRbx5VYy+8ASwBfp86XaXHB5nHTr2KBVx1w6w7+mq1om oV08Xh2Gw05QaXoaYf8jek1BXR5rY+7zdfKQYMBEW/Q1meADuPHM81BOLosgNhHPxpd6 J97aE50LFa/yR6Cw9RiwoQTDsWkTfX0QFEi8ok6hTj5c/2fHwMW4oLTXaqgEZNONh+gi g6OQ==
X-Gm-Message-State: AElRT7H7aDeoTm0dFyUpIjcMYtbj8JtSf57pucuyO74f6DLV2qrkqyWn vejVwHeS505BpPNnn2c2nJJdvdKx
X-Google-Smtp-Source: AG47ELuJOZyZNCAOYqAAlM1r0UYh88+UyUO9u2q53FpoDNQwq0SqCWiQAkRAQnrcu4i8LTOo445nuw==
X-Received: by 10.28.166.201 with SMTP id p192mr2572538wme.132.1519934816012; Thu, 01 Mar 2018 12:06:56 -0800 (PST)
Received: from [192.168.2.126] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id f23sm8846558wrf.77.2018.03.01.12.06.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Mar 2018 12:06:55 -0800 (PST)
To: Daniel Franke <dafranke@akamai.com>, secdir@ietf.org
Cc: draft-ietf-mpls-flow-ident.all@ietf.org, ietf@ietf.org, mpls@ietf.org
References: <151562021088.5645.6014648171409606834@ietfa.amsl.com>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <7a2b19b9-7c5e-035a-49c9-e87186f77eeb@gmail.com>
Date: Thu, 1 Mar 2018 20:06:54 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <151562021088.5645.6014648171409606834@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SGV6BrOnXFeUnsRpbT5DKd5AELc>
Subject: Re: [secdir] Secdir last call review of draft-ietf-mpls-flow-ident-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 20:07:02 -0000

Hi Daniel

Thank you for the review.


On 10/01/2018 21:36, Daniel Franke wrote:
> Reviewer: Daniel Franke
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These comments
> were written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> I know next to nothing about MPLS. The proposed functionality seems reasonable
> and persuasively justified, but it is possible that there are significant
> issues I'm overlooking. I have a couple nitpicks about the Security
> Considerations section.
>
> The lowercased (i.e., non-RFC-2119) "must"s and "should"s are weasel words when
> not connected with a statement of what objective is achieved by following those
> recommendations. For example, the sentence "Propagation of identification
> information outside the MPLS network imposing it must be disabled by default"
> ought to be prefaced or suffixed with something along the lines of "In order to
> preserve present assumptions about MPLS privacy properties".
This is a useful point and I have included it in the security section.
> I see a lot of discussion about confidentiality concerns when flow information
> is propagated across trust boundaries, but no discussion about the dual
> integrity concerns.
I am not sure what a dual integrity concern is. Do you mean data integrity?
> I suggest including some word of warning that flow
> information received from an untrusted LSR cannot be assumed correct, so
> caution is advised before relying on it, e.g., to determine for billing
> purposes whether SLAs are being met.
In an MPLS network we would not have any exchange with an untrusted LSR.
It is a fundamental assumption that routers within the same domain are 
trustworthy.
If a router was untrustworthy it could cause immense damage to the whole
network, for example, by sending false reachability information that 
would bring the
whole network down.  So within an MPLS network we tend to trust that the
routers tell the truth.

- Stewart

>