[secdir] Secdir Review of draft-ietf-tcpm-dctcp-07
Catherine Meadows <catherine.meadows@nrl.navy.mil> Tue, 13 June 2017 22:30 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C5FE127735; Tue, 13 Jun 2017 15:30:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f02mCqTJLJki; Tue, 13 Jun 2017 15:30:17 -0700 (PDT)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [IPv6:2001:480:20:118:118::211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54F5A1270FC; Tue, 13 Jun 2017 15:30:16 -0700 (PDT)
Received: from ashurbanipal.fw5540.net (fw5540.nrl.navy.mil [132.250.196.100]) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id v5DMUDto027298 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Tue, 13 Jun 2017 18:30:14 -0400
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail=_44CA61B2-9FCD-426C-AD46-31D2C9685887"
Date: Tue, 13 Jun 2017 18:30:13 -0400
Message-Id: <5270D796-928E-466F-96D3-3F8A401FFE7D@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-tcpm-dctcp.all@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Y3Qzklge1wjlfsy4_iSP0CN9-6k>
Subject: [secdir] Secdir Review of draft-ietf-tcpm-dctcp-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jun 2017 22:30:21 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Almost Ready. This draft concerns a variant of TCP intended for datacenters: DCTCP. Much of this takes advantage of the fact that datacenters are controlled environments managed by a single authority. The chief new feature is that the Explicit Notification Congestion Field gives information about the amount of congestion present, instead of simply indicating whether there is congestion or not. The Security Considerations section notes that DCTCP inherits the security considerations of RFC3168, The only change that has a potential affect on security beyond those already mentioned in RFC3168 is a statement that ECT markings (used to indicate whether endpoints explicit congestion notification) markings SHOULD be applied to control packets. RFC3168 does not allow this, and RFC5562 does not allow this for SYN packets because of the possibility it such packets, since they would live longer, would facilitate SYN flooding attacks. However, it is argued here that in a controlled environment SYN flooding would not be an issue. The section ends as follows: The security concerns addressed by both these RFCs might not apply in controlled environments like datacenters, and it might not be necessary to account for the presence of non-ECN servers. Since most servers run virtualized in datacenters, additional security can be imposed in the physical servers to intercept and drop traffic resembling an attack. I wasn’t sure how to take this. The first sentence indicates uncertainty, but the second sentence gives a clear description of how security can be enforced on the perimeter in datacenters. It also contradicts the statement at the beginning, that DCTCP inherits the security considerations of RFC3168. I think that this needs to be stated more clearly. Perhaps, at the beginning you could say something like DCTCP enhances ECN and thus inherits the security considerations discussed in [RFC3168]. However, because most servers run virtualized in datacenters, additional security can be imposed in the physical servers to intercept and drop traffic resembling an attack. This makes it less likely that it will be necessary to account for the presence of non-ECN servers, thus mitigating the security considerations in RFC3168. Also, a nit: ECT is never defined in the document. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil <mailto:catherine.meadows@nrl.navy.mil>
- [secdir] Secdir Review of draft-ietf-tcpm-dctcp-07 Catherine Meadows
- Re: [secdir] Secdir Review of draft-ietf-tcpm-dct… Eggert, Lars