Re: [secdir] Security review: draft-ietf-mpls-soft-preemption-18.txt

Stephen Kent <kent@bbn.com> Mon, 07 September 2009 15:16 UTC

Date: Mon, 7 Sep 2009 11:10:49 -0400
To: Adrian Farrel <Adrian.Farrel@huawei.com>
From: Stephen Kent <kent@bbn.com>
Cc: mpls-chairs@tools.ietf.org, secdir <secdir@ietf.org>, draft-ietf-mpls-soft-preemption@tools.ietf.org

At 12:04 PM +0100 9/4/09, Adrian Farrel wrote:
>Hi Stephen,
>
>Thanks for your review. After discussion with the authors, I have 
>added an RFC Editor note as follows.
>
>Thanks,
>Adrian
>
>Section 10
>OLD
>   This document does not introduce new security issues.  The security
>   considerations pertaining to the original RSVP protocol [RFC3209]
>   remain relevant.
>NEW
>   This document does not introduce new security issues.  The security
>   considerations pertaining to the original RSVP protocol [RFC3209]
>   remain relevant. Further details about MPLS security considerations
>   can be found in [I-D.ietf-mpls-mpls-and-gmpls-security].
>
>   As noted in Section 6.1, soft preemption may result in temporary link
>   under provisioning condition while the soft preempted TE LSPs are
>   rerouted by their respective head-end LSRs. Although this is a less
>   serious condition than false hard preemption, and despite the
>   mitigation procedures described in Section 6.1, network operators
>   should be aware of the risk to their network should the soft
>   preemption processes be subverted, and should apply the relevant MPLS
>   control plane security techniques to protect against attacks.
>---
>Section 13.2
>ADD
>   [I-D.ietf-mpls-mpls-and-gmpls-security] Fang, L. Ed., "Security
>              Framework for MPLS and GMPLS Networks", draft-ietf-mpls-
>              mpls-and-gmpls-security-framework-06.txt, work in
>              progress.



Thanks for the reply. I think these minor text changes address my concerns.

Steve