Re: [secdir] Security review of draft-ietf-mpls-tp-psc-itu-02.txt
"Hilarie Orman" <ho@alum.mit.edu> Mon, 24 February 2014 05:51 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 780B31A0814; Sun, 23 Feb 2014 21:51:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VWYOStUMyRvG; Sun, 23 Feb 2014 21:51:54 -0800 (PST)
Received: from out01.mta.xmission.com (out01.mta.xmission.com [166.70.13.231]) by ietfa.amsl.com (Postfix) with ESMTP id 5C3ED1A0813; Sun, 23 Feb 2014 21:51:54 -0800 (PST)
Received: from in02.mta.xmission.com ([166.70.13.52]) by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from <hilarie@purplestreak.com>) id 1WHoSD-0005CT-NK; Sun, 23 Feb 2014 22:51:51 -0700
Received: from [72.250.219.84] (helo=sylvester.rhmr.com) by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from <hilarie@purplestreak.com>) id 1WHoSB-00045R-4I; Sun, 23 Feb 2014 22:51:49 -0700
Received: from sylvester.rhmr.com (localhost [127.0.0.1]) by sylvester.rhmr.com (8.14.4/8.14.4/Debian-2ubuntu1) with ESMTP id s1O5pgru000623; Sun, 23 Feb 2014 22:51:42 -0700
Received: (from hilarie@localhost) by sylvester.rhmr.com (8.14.4/8.14.4/Submit) id s1O5pfrm000621; Sun, 23 Feb 2014 22:51:41 -0700
Date: Sun, 23 Feb 2014 22:51:41 -0700
Message-Id: <201402240551.s1O5pfrm000621@sylvester.rhmr.com>
From: Hilarie Orman <ho@alum.mit.edu>
To: ryoo@etri.re.kr
In-reply-to: Yourmessage <5B4A6CBE3924BB41A3BEE462A8E0B75A286BA563@SMTP2.etri.info>
X-XM-AID: U2FsdGVkX18RC8QuIFkP2Gkotmf/Bfz5
X-SA-Exim-Connect-IP: 72.250.219.84
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: *;ryoo@etri.re.kr
X-Spam-Relay-Country:
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/WxotoWjNc9wx932xPjvCXsygis0
Cc: draft-ietf-mpls-tp-psc-itu@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Security review of draft-ietf-mpls-tp-psc-itu-02.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Hilarie Orman <ho@alum.mit.edu>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 05:51:56 -0000
Something like: "This document introduces no new security risks. RFC 6378 points out that MPLS relies on assumptions about traffic injection difficulty and assumes the the control plane does not have end-to-end security. RFC520 describes MPLS security issues and generic methods for securing traffic privacy and integrity. MPLS use should conform such advice." Hilarie > From: "Ryoo, Jeong-dong" <ryoo@etri.re.kr> > Date: Mon, 24 Feb 2014 04:35:08 +0000 Dear Hilarie, Thanks for your comment. I am not sure about what text has actually to be put in the Section 13 to reflect your suggestion. Do you have any text in mind? Best regards, Jeong-dong ________________________________ >From : "Hilarie Orman" <ho@alum.mit.edu> Sent : 2014-02-24 09:36:04 ( +09:00 ) To : iesg@ietf.org <iesg@ietf.org>, secdir@ietf.org <secdir@ietf.org> Cc : draft-ietf-mpls-tp-psc-itu@tools.ietf.org <draft-ietf-mpls-tp-psc-itu@tools.ietf.org> Subject : Security review of draft-ietf-mpls-tp-psc-itu-02.txt Security review of draft-ietf-mpls-tp-psc-itu-02.txt MPLS Transport Profile (MPLS-TP) Linear Protection to Match the Operational Expectations of SDH, OTN and Ethernet Transport Network Operators Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The abstract for this document states: This document describes alternate mechanisms to perform some of the sub-functions of MPLS Transport Profile (MPLS-TP) linear protection defined in RFC 6378, and also defines additional mechanisms. The purpose of these alternate and additional mechanisms is to provide operator control and experience that more closely models the behavior of linear protection seen in other transport networks. The security considerations are the timeworn statement that No specific security issue is raised in addition to those ones already documented in RFC 6378 [RFC6378] In RFC 6378 we find: MPLS networks make the assumption that it is very hard to inject traffic into a network and equally hard to cause traffic to be directed outside the network. The control-plane protocols utilize hop-by-hop security and assume a "chain-of-trust" model such that end-to-end control-plane security is not used. For more information on the generic aspects of MPLS security, see [RFC5920]. To my great astonishment I found that "RFC5920 Security Framework for MPLS and GMPLS Networks" is an excellent document, and it is my suggestion that the current draft reference it directly in section 13 "Security Considerations". Barring any surprises in the extensive state diagrams, I otherwise am inclined to accept the "no new issues" handwave. Hilarie
- [secdir] Security review of draft-ietf-mpls-tp-ps… Hilarie Orman
- Re: [secdir] Security review of draft-ietf-mpls-t… Hilarie Orman
- Re: [secdir] Security review of draft-ietf-mpls-t… Adrian Farrel
- Re: [secdir] Security review of draft-ietf-mpls-t… Ryoo, Jeong-dong
- Re: [secdir] Security review of draft-ietf-mpls-t… Ryoo, Jeong-dong