Re: [secdir] secdir review of draft-ietf-ccamp-gmpls-ethernet-pbb-te-06.txt

"Fedyk, Donald (Don)" <donald.fedyk@alcatel-lucent.com> Mon, 04 October 2010 15:29 UTC

Return-Path: <donald.fedyk@alcatel-lucent.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A7C353A6D1F; Mon, 4 Oct 2010 08:29:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bZ2J9pUOlHgj; Mon, 4 Oct 2010 08:29:46 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by core3.amsl.com (Postfix) with ESMTP id B30B53A6CCF; Mon, 4 Oct 2010 08:29:46 -0700 (PDT)
Received: from usnavsmail1.ndc.alcatel-lucent.com (usnavsmail1.ndc.alcatel-lucent.com [135.3.39.9]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id o94FUd0W022174 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 4 Oct 2010 10:30:40 -0500 (CDT)
Received: from USNAVSXCHHUB01.ndc.alcatel-lucent.com (usnavsxchhub01.ndc.alcatel-lucent.com [135.3.39.110]) by usnavsmail1.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id o94FUc5q020486 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Mon, 4 Oct 2010 10:30:39 -0500
Received: from USNAVSXCHMBSC2.ndc.alcatel-lucent.com ([135.3.39.139]) by USNAVSXCHHUB01.ndc.alcatel-lucent.com ([135.3.39.110]) with mapi; Mon, 4 Oct 2010 10:30:38 -0500
From: "Fedyk, Donald (Don)" <donald.fedyk@alcatel-lucent.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ccamp-gmpls-ethernet-pbb-te.all@tools.ietf.org" <draft-ietf-ccamp-gmpls-ethernet-pbb-te.all@tools.ietf.org>
Date: Mon, 04 Oct 2010 10:30:36 -0500
Thread-Topic: secdir review of draft-ietf-ccamp-gmpls-ethernet-pbb-te-06.txt
Thread-Index: ActjPW+YZ7uXqIAuTFy/jHSeU+GqtgAk5P5w
Message-ID: <D3F33DCB7804274A890F9215F86616580AC958A70E@USNAVSXCHMBSC2.ndc.alcatel-lucent.com>
References: <20101003173341.GA16738@elstar.local>
In-Reply-To: <20101003173341.GA16738@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.9
X-Mailman-Approved-At: Mon, 04 Oct 2010 11:36:00 -0700
Subject: Re: [secdir] secdir review of draft-ietf-ccamp-gmpls-ethernet-pbb-te-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Oct 2010 15:29:48 -0000

Hi Juergen

Sorry. When I updated I first consulted with the authors, chairs and ADs to address comments.  And then we agreed to post corrections. But it seems I missed the step where I close the loop with SecDir & GenArt.  My apologies. 

So to your comments, see [DF] inline

(All please feel free to correct me below if I miss speak.)



-----Original Message-----
From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
Sent: Sunday, October 03, 2010 1:34 PM
To: iesg@ietf.org; secdir@ietf.org; draft-ietf-ccamp-gmpls-ethernet-pbb-te.all@tools.ietf.org
Subject: secdir review of draft-ietf-ccamp-gmpls-ethernet-pbb-te-06.txt

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

I have reviewed -05 and my editorial comments have been addressed in the -06 version. My other comments have apparently not been acted on nor did I receive any response from the authors. The comments were:

  Security wise, this document essentially refers to other documents,
  namely RFC 4872 amd RFC 4873. These documents again refer to other
  documents and ultimately to IPsec as a security solution. If this is
  correct, perhaps this could be made clearer so people like me do not
  have to recursively resolve security considerations to find out how
  things are protected.

[DF] This is correct. This is also the way we have documented for some time with many documents referring backwards.  Ultimately for control plane it comes down to some form restricted access/private networks or some mechanism such as IPSec to protect public exposed portions of signaling. 


  The security considerations of this document also refer to 802.1AE
  Media Access Control Security for the protection of "transport"
  Ethernet. It is not clear what "transport" Ethernet is, perhaps it is
  the Ethernet traffic carried over the paths. If my interpretation is
  correct, I would argue that this pointer does not really belong into
  the security considerations of this document since this specification
  deals with a part of the signaling plane, not the data plane.

[DF] transport Ethernet is a term that we use to describe Ethernet technologies that offer similar service typically associated with L1 transport networks (OAM (monitoring, tracing, integrity checking, fault signaling), protection switching). PBB-TE is one type of transport Ethernet. MACSEC can be used between the elements of the Ethernet network providing transport. If signaling is inland then MACSEC could be providing part of the security for the signaling. If the signaling is out of band over other technologies then IPSEC or other may ultimately be providing protection. 

  Section 5 states that "configuration should be consistent". What
  happens security wise if configuration is not consistent? This might
  deserve some discussion in the security considerations.

[DF]  When configuration is not consistent it is normal for the connection simply not to come up.  The dual ended nature of the configuration requires the source must match the destination.  This draft is currently is covering PBB-TE which is defined for a single administrative domain so the result of the misconnection is that the signaling will report some form of failure through the management plane.

[DF] In my opinion these items have been covered at a level that is consistent with GMPLS documents in the past but if there additional text or clarification we need on any of these points please indicate and I will work with the authors, chairs and ADs to correct.

Regards,
Don 


/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>