Re: [secdir] Secdir review of draft-ietf-teas-yang-te-topo-15

Lou Berger <lberger@labn.net> Tue, 05 June 2018 14:02 UTC

Return-Path: <lberger@labn.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6E7213107B for <secdir@ietfa.amsl.com>; Tue, 5 Jun 2018 07:02:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.695
X-Spam-Level:
X-Spam-Status: No, score=-2.695 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.795, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ndoN3AcAgrFK for <secdir@ietfa.amsl.com>; Tue, 5 Jun 2018 07:02:20 -0700 (PDT)
Received: from gproxy2-pub.mail.unifiedlayer.com (gproxy2-pub.mail.unifiedlayer.com [69.89.18.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 771BD13107D for <secdir@ietf.org>; Tue, 5 Jun 2018 07:02:20 -0700 (PDT)
Received: from cmgw14.unifiedlayer.com (unknown [10.9.0.14]) by gproxy2.mail.unifiedlayer.com (Postfix) with ESMTP id 648291E0F40 for <secdir@ietf.org>; Tue, 5 Jun 2018 08:01:16 -0600 (MDT)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id QCUzf0hrVYnqBQCUzfcEyx; Tue, 05 Jun 2018 07:59:45 -0600
X-Authority-Reason: nr=8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=zZccASSnNOzmhEAXe6z4PoC+3ldhj1Seu3qCwp7zx0E=; b=WhyJGRgtElbDKAWhnOe3Ca8ySj poDNxh0ZC+ezDN9VUbxOiPGLh/1ZieFZAdemIVdfVzh1jqPkuDgSKvMlYBej1H4LBy9b9KF7QKEl/ T0of+JksBd1HH6X16/j+x2u53;
Received: from pool-100-15-86-101.washdc.fios.verizon.net ([100.15.86.101]:48452 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from <lberger@labn.net>) id 1fQCWS-003llN-0h; Tue, 05 Jun 2018 08:01:16 -0600
To: Melinda Shore <melinda.shore@gmail.com>, secdir@ietf.org, IESG <iesg@ietf.org>, draft-ietf-teas-yang-te-topo.all@ietf.org
References: <1b9239b4-ff6a-4f85-4c6e-8b714cf6b6a3@gmail.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <c50db559-a144-29d2-c486-626cfe1d372f@labn.net>
Date: Tue, 5 Jun 2018 10:01:13 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <1b9239b4-ff6a-4f85-4c6e-8b714cf6b6a3@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 100.15.86.101
X-Source-L: No
X-Exim-ID: 1fQCWS-003llN-0h
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-100-15-86-101.washdc.fios.verizon.net ([IPv6:::1]) [100.15.86.101]:48452
X-Source-Auth: lberger@labn.net
X-Email-Count: 2
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UOvBbCLoh6xAyEZMyOmI0NoDJDQ>
Subject: Re: [secdir] Secdir review of draft-ietf-teas-yang-te-topo-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2018 14:02:28 -0000

Melinda,

     The authors have published an update with a revised security 
considerations section, please take a look at your convenience and let 
the authors know if you see that more is needed.

https://tools.ietf.org/html/draft-ietf-teas-yang-te-topo-16#section-8

Lou
(Doc Shepherd)
On 5/31/2018 11:19 PM, Melinda Shore wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> The summary of the review is Ready with issues
>
> This document defines a technology-agnostic YANG data model for
> representation of traffic engineering topologies, and is intended to
> serve as a base model for other technology-specific traffic engineering
> topology models.
>
> The document is clearly written and appears comprehensive with respect
> to its subject matter.  I suspect that sections 1-4 would be a useful
> reference for people wanting to learn about TE topologies in general,
> and I enjoyed reading it.
>
> The security considerations section is scanty and, unfortunately,
> insufficient.  The statement "The data-model by itself does not create
> any security implications" seems questionable at best, since it contains
> information about network topology and the treatment of traffic,
> which may be of value to an attacker.  The lack of discussion of
> the threat environment is particularly problematic given that the
> model is intended to be used for manipulating TE topologies.  The
> authors may want to look to draft-ietf-i2rs-yang-network-topo as
> a model (no pun intended) of a good security considerations
> section for a topology model.  I don't see how this document can
> be published with the security considerations section in its current
> condition.
>
> This is really a trivial nit, but a nit nevertheless - the second
> paragraph of the terminology section probably belongs in the
> introduction instead, as it lays out expectations for the reader
> and contains a pointer to introductory material for readers
> unfamiliar with the IETF's traffic engineering work.
>
> Melinda
>