Re: [secdir] secdir review of draft-ietf-softwire-lw4over6-11

<mohamed.boucadair@orange.com> Mon, 27 October 2014 06:50 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2DE11A1A39; Sun, 26 Oct 2014 23:50:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XO1ljcMpWaFJ; Sun, 26 Oct 2014 23:50:22 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23FD81A89B8; Sun, 26 Oct 2014 23:50:22 -0700 (PDT)
Received: from omfedm08.si.francetelecom.fr (unknown [xx.xx.xx.4]) by omfedm14.si.francetelecom.fr (ESMTP service) with ESMTP id 5A32D22C2E8; Mon, 27 Oct 2014 07:50:20 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.55]) by omfedm08.si.francetelecom.fr (ESMTP service) with ESMTP id 38A1623805C; Mon, 27 Oct 2014 07:50:20 +0100 (CET)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([169.254.2.240]) by OPEXCLILH03.corporate.adroot.infra.ftgroup ([10.114.31.55]) with mapi id 14.03.0195.001; Mon, 27 Oct 2014 07:50:20 +0100
From: <mohamed.boucadair@orange.com>
To: Samuel Weiler <weiler@watson.org>, "draft-ietf-softwire-lw4over6.all@tools.ietf.org" <draft-ietf-softwire-lw4over6.all@tools.ietf.org>
Thread-Topic: secdir review of draft-ietf-softwire-lw4over6-11
Thread-Index: AQHP7wYExWTftw7JLEWHpivKLsWtkpxDgqWg
Date: Mon, 27 Oct 2014 06:50:19 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93301BD386@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <alpine.BSF.2.11.1410231708570.60907@fledge.watson.org>
In-Reply-To: <alpine.BSF.2.11.1410231708570.60907@fledge.watson.org>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.10.27.53032
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/UlAPdr4aUkC7Yn5qFPGeyqzfOWg
Cc: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-softwire-lw4over6-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Oct 2014 06:50:25 -0000

Dear Samuel,

Meany thank for the review.

Please see inline.

Cheers,
Med

-----Message d'origine-----
De : Samuel Weiler [mailto:weiler@watson.org] 
Envoyé : jeudi 23 octobre 2014 23:12
À : draft-ietf-softwire-lw4over6.all@tools.ietf.org
Cc : secdir@ietf.org; iesg@ietf.org
Objet : secdir review of draft-ietf-softwire-lw4over6-11

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.


Does this mechanism introduce new points for a DoS attack,
e.g. forging the ICMPv6 error message (type 1, code 5) mentioned in
Section 5.1?  I would like to see a list and discussion of these or,
if appropriate, an analysis showing that none exist.

[Med] Good point. We can add this sentence: 

"lwAFTR MUST rate limit ICMPv6 error messages to defend against DoS attacks generated by an abuse user.".

It's probably worth explaining this 2119 RECOMMENDation in more 
detail:

    Unless an lwB4 is being allocated a full IPv4 address, it is
    RECOMMENDED that PSIDs containing the well-known ports (0-1023) are
    not allocated to lwB4s.

[Med] FWIW, this text was added as a response to a comment from the WG (http://www.ietf.org/mail-archive/web/softwires/current/msg06008.html,
https://www.ietf.org/mail-archive/web/softwires/current/msg06035.html). Saying that, I'm personally for removing this sentence from the draft. This is more deployment-specific rather than an architectural discussion. We can just remove this one and let any deployment draft discuss this point further. 

I would like to see a discussion of provisioning mechanism security.

[Med] This is out of scope of this document. Dedicated provisioning mechanism specification documents should discuss it. We can add a sentence to Section 9 to capture this.

Are there security-related factors that should drive the choice of
provisioning mechanism (the doc mentions several options...)?  Are
there configuration choices that should or must be made when using one
of thsoe for this purpose?

[Med] No IMHO.

Non-security stuff:

I'm not seeing any explicit discussion of whether (and how) a lwB4 can 
request additional port space after the initial assignment.  If that 
feature does not exist, I would like to see it explicitly acknowledged 
as a limitation with a discussion of why it is not being provided.

[Med] This is implementation-specific. This feature is supported when PCP is used for instance (draft-ietf-pcp-port-set).

Again, assuming that there is not such a mechanism: since this is the 
architecture document, I would like to see a few words on expected 
port assignment/utilization ratios.  

[Med] Discussion on address sharing ratio is deployment-specific. It has nothing to do with in an architectural document. You may find a discussion in http://tools.ietf.org/html/rfc6269#appendix-B and http://tools.ietf.org/html/draft-ietf-softwire-stateless-4v6-motivation-05#section-4.2. 


Assuming a typical case of a 
residential subscriber, it seems that lw4o6 would need to assign 
enough ports to each user to accommodate expected peak usage.  This 
pretty clearly results in fewer users accommodated on a public v4 
address than if they were sharing the port space on demand.  How much 
much v4 space does lw4o6 consume in this environment compared to 
DS-Lite?

[Med] This is deployment-specific. Please refer to http://tools.ietf.org/html/draft-ietf-softwire-stateless-4v6-motivation-05#section-4.2 

Editorial stuff:

The next-to-last paragraph of section 1 doesn't seem to flow well with
the text around it, perhaps for lack of clarity in pronoun
antecedents:

    This document is an extended case, which covers address sharing for
    [RFC7040].  It is also a variant of A+P called Binding Table Mode
    (see Section 4.4 of [RFC6346]).

[Med] What about:

    "This document extends the mechanism defined in [RFC7040] by allowing address sharing. The solution in this document is also a variant of A+P called Binding Table Mode (see Section 4.4 of [RFC6346])."


And I think something is broken in the below sentence:

    The solution specified in this document allows the assignment of
    either a full or a shared IPv4 address requesting CPEs.

[Med] What about:

   "This document allows for the assignment of
    either a full IPv4 address or a shared IPv4 address to requesting CPEs."