[secdir] review of draft-ietf-mpls-loss-delay-03

Stephen Kent <kent@bbn.com> Mon, 13 June 2011 00:03 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E0D3111E813A for <secdir@ietfa.amsl.com>; Sun, 12 Jun 2011 17:03:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id FKnw61DIxYkp for <secdir@ietfa.amsl.com>; Sun, 12 Jun 2011 17:03:21 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com []) by ietfa.amsl.com (Postfix) with ESMTP id 1160011E807C for <secdir@ietf.org>; Sun, 12 Jun 2011 17:03:20 -0700 (PDT)
Received: from dommiel.bbn.com ([]:37491 helo=[]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1QVuch-000K5B-Of; Sun, 12 Jun 2011 20:03:20 -0400
Mime-Version: 1.0
Message-Id: <p06240800ca1af8a1d167@[]>
Date: Sun, 12 Jun 2011 19:20:22 -0400
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-904199097==_ma============"
Cc: swallow@cisco.com, loa@pi.nu, rcallon@juniper.net, danfrost@cisco.com, stbryant@cisco.com
Subject: [secdir] review of draft-ietf-mpls-loss-delay-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 00:03:22 -0000

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The abstract for draft-ietf-mpls-tp-loss-delay-profile-03 describes 
it as "a profile of the general MPLS loss, delay, and throughput 
measurement techniques that suffices [sic] to meet the specific 
requirements of MLS-TP." It is a very brief (5 pages, including 
boilerplate) document intended as an informational RFC. The document 
that forms the basis for this profile, draft-ietf-mpls-loss-delay-01, 
is also in progress.

The security considerations section of this document refers to the 
base document cited above. Since this document is a profile of that 
one, this is a reasonable indirection. (I note that the document 
under review cites version 1 of that base document, and that version 
2 is now current, something that can be addressed later.) I looked at 
the security considerations section of the base specification. It is 
two paragraph in length. The first paragraph does a reasonable job of 
describing the top level security concerns associated with the 
exchange of performance monitoring messages in a context such as 
this. (The text would be better if the third concern were identified 
as "confidentiality.") The second paragraph, however, states:

    If reception or alteration of performance-related data by
    unauthorized devices is an operational concern, authentication
    and/or encryption procedures should be used to ensure message
    integrity and confidentiality.  Such procedures are outside the
    scope of this document, but have general applicability to OAM
    protocols in MPLS networks.

First, this paragraph is poorly worded (e.g., the mixed uses of 
"authentication," "encryption," "integrity," and "confidentiality"). 
Second, there is concrete reference to any candidate security 
mechanisms that can provide such services. I am not aware of any IETF 
standards that might offer such services for MPLS traffic. If there 
are none, this second paragraph is not adequate; if there are, they 
should be cited here.