Re: [secdir] SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02

[Stephen Kent <kent@bbn.com>]

Christopher,

Sorry for my mischaracterization of the scope of this doc.

So, you are saying that there are no security considerations relevant to 
the choice of metrics?

Steve

On 3/6/13 11:37 AM, Dearlove, Christopher (UK) wrote:
>
> Please note that this is not a rationale of OLSRv2.
>
> This is a rationale of how metrics were added to OLSRv2, a small 
> subset of the complete OLSRv2 functionality.
>
> There were of course security considerations in the design of OLSRv2, 
> but this is not that document.
>
> -- 
>
> Christopher Dearlove
>
> Senior Principal Engineer, Communications Group
> Communications, Networks and Image Analysis Capability
> BAE Systems Advanced Technology Centre
> West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
> Tel: +44 1245 242194 |  Fax: +44 1245 242124
>
> chris.dearlove@baesystems.com <mailto:chris.dearlove@baesystems.com> | 
> http://www.baesystems.com
>
> BAE Systems (Operations) Limited
> Registered Office: Warwick House, PO Box 87, Farnborough Aerospace 
> Centre, Farnborough, Hants, GU14 6YU, UK
> Registered in England & Wales No: 1996687
>
> *From:*Stephen Kent [mailto:kent@bbn.com]
> *Sent:* 06 March 2013 15:40
> *To:* secdir; Dearlove, Christopher (UK); T.Clausen@computer.org; 
> philippe.jacquet@alcatel-lucent.com; macker@itd.nrl.navy.mil; 
> sratliff@cisco.com; Stewart Bryant; Adrian Farrel
> *Subject:* SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02
>
> **** WARNING ****
>
> /This message originates from outside our organisation, either from an 
> external partner or the internet.//
> /Keep this in mind if you answer this message./
> /Please see this process 
> <http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Dealing%20With%20Suspicious%20Emails.pdf> 
> on how to deal with suspicious emails.//
>
> SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02
>
> I reviewed this document as part of the security directorate's ongoing 
> effort to review all IETF documents being processed by the IESG.  
> These comments were written primarily for the benefit of the security 
> area directors.  Document editors and WG chairs should treat these 
> comments just like any other last call comments.
>
> This document is targeted as an Informational RFC. It describes itself 
> as "... an historic record of the rationale for, and design 
> considerations behind, how link metrics were included in OLSRv2."
>
> The Security Considerations section says simply "This document does 
> not specify any security considerations." It's been a very long time 
> (many years) since I've encountered that phrase in a candidate RFC. A 
> rationale document itself probably does not entail security 
> considerations, but the omission of any security discussion suggests 
> that security did not play a role in the deign of this routing 
> protocol. Is that true? If so, who thinks this is a good thing?
>
> I looked at the I-D that defines OLSRv2. It contains a two-page 
> Security Considerations section. From my perspective, this document 
> ought to provide background info (rationale) for the security 
> suggestions contained that document.
>
>
> ********************************************************************
> This email and any attachments are confidential to the intended
> recipient and may also be privileged. If you are not the intended
> recipient please delete it from your system and notify the sender.
> You should not copy it or use it for any purpose nor disclose or
> distribute its contents to any other person.
> ********************************************************************
>