Re: [secdir] SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02
Stephen Kent <kent@bbn.com> Wed, 06 March 2013 17:02 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CA8321F8C93 for <secdir@ietfa.amsl.com>; Wed, 6 Mar 2013 09:02:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.598
X-Spam-Level:
X-Spam-Status: No, score=-106.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DJvVG1OSUo07 for <secdir@ietfa.amsl.com>; Wed, 6 Mar 2013 09:02:38 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 1AAE821F8C96 for <secdir@ietf.org>; Wed, 6 Mar 2013 09:02:38 -0800 (PST)
Received: from dhcp89-089-230.bbn.com ([128.89.89.230]:51634) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1UDHjd-000MEO-KJ; Wed, 06 Mar 2013 12:02:33 -0500
Message-ID: <513776A9.2040906@bbn.com>
Date: Wed, 06 Mar 2013 12:02:33 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
References: <51376352.5050802@bbn.com> <B31EEDDDB8ED7E4A93FDF12A4EECD30D2502C92B@GLKXM0002V.GREENLNK.net>
In-Reply-To: <B31EEDDDB8ED7E4A93FDF12A4EECD30D2502C92B@GLKXM0002V.GREENLNK.net>
Content-Type: multipart/alternative; boundary="------------080708070005050206070908"
Cc: "T.Clausen@computer.org" <T.Clausen@computer.org>, secdir <secdir@ietf.org>, "philippe.jacquet@alcatel-lucent.com" <philippe.jacquet@alcatel-lucent.com>, "sratliff@cisco.com" <sratliff@cisco.com>, Adrian Farrel <adrian@olddog.co.uk>, "macker@itd.nrl.navy.mil" <macker@itd.nrl.navy.mil>, Stewart Bryant <stbryant@cisco.com>
Subject: Re: [secdir] SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2013 17:02:42 -0000
Christopher, Sorry for my mischaracterization of the scope of this doc. So, you are saying that there are no security considerations relevant to the choice of metrics? Steve On 3/6/13 11:37 AM, Dearlove, Christopher (UK) wrote: > > Please note that this is not a rationale of OLSRv2. > > This is a rationale of how metrics were added to OLSRv2, a small > subset of the complete OLSRv2 functionality. > > There were of course security considerations in the design of OLSRv2, > but this is not that document. > > -- > > Christopher Dearlove > > Senior Principal Engineer, Communications Group > Communications, Networks and Image Analysis Capability > BAE Systems Advanced Technology Centre > West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK > Tel: +44 1245 242194 | Fax: +44 1245 242124 > > chris.dearlove@baesystems.com <mailto:chris.dearlove@baesystems.com> | > http://www.baesystems.com > > BAE Systems (Operations) Limited > Registered Office: Warwick House, PO Box 87, Farnborough Aerospace > Centre, Farnborough, Hants, GU14 6YU, UK > Registered in England & Wales No: 1996687 > > *From:*Stephen Kent [mailto:kent@bbn.com] > *Sent:* 06 March 2013 15:40 > *To:* secdir; Dearlove, Christopher (UK); T.Clausen@computer.org; > philippe.jacquet@alcatel-lucent.com; macker@itd.nrl.navy.mil; > sratliff@cisco.com; Stewart Bryant; Adrian Farrel > *Subject:* SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02 > > **** WARNING **** > > /This message originates from outside our organisation, either from an > external partner or the internet.// > /Keep this in mind if you answer this message./ > /Please see this process > <http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Dealing%20With%20Suspicious%20Emails.pdf> > on how to deal with suspicious emails.// > > SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02 > > I reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security > area directors. Document editors and WG chairs should treat these > comments just like any other last call comments. > > This document is targeted as an Informational RFC. It describes itself > as "... an historic record of the rationale for, and design > considerations behind, how link metrics were included in OLSRv2." > > The Security Considerations section says simply "This document does > not specify any security considerations." It's been a very long time > (many years) since I've encountered that phrase in a candidate RFC. A > rationale document itself probably does not entail security > considerations, but the omission of any security discussion suggests > that security did not play a role in the deign of this routing > protocol. Is that true? If so, who thinks this is a good thing? > > I looked at the I-D that defines OLSRv2. It contains a two-page > Security Considerations section. From my perspective, this document > ought to provide background info (rationale) for the security > suggestions contained that document. > > > ******************************************************************** > This email and any attachments are confidential to the intended > recipient and may also be privileged. If you are not the intended > recipient please delete it from your system and notify the sender. > You should not copy it or use it for any purpose nor disclose or > distribute its contents to any other person. > ******************************************************************** >
- [secdir] SECDIR review of draft-ietf-manet-olsrv2… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-manet-ol… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-manet-ol… Dearlove, Christopher (UK)
- Re: [secdir] SECDIR review of draft-ietf-manet-ol… Stan Ratliff (sratliff)
- Re: [secdir] SECDIR review of draft-ietf-manet-ol… Adrian Farrel