[secdir] Secdir early review of draft-ietf-manet-dlep-traffic-classification-12

Shawn Emery via Datatracker <noreply@ietf.org> Sun, 11 August 2024 05:52 UTC

Reviewer: Shawn Emery
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This standards track draft specifies a protocol for identifying various link
control messages utilized by the Dynamic Link Exchange Protocol (DLEP).

The security considerations section does exist and discloses that the protocol
opens up vulnerabilities for DoS by modifying or injecting protocol messages
(e.g., decrease the max window size to an unrealistically small value). The
mitigation of said vulnerabilities is deferred to RFC 8175's security
considerations, which prescribes TLS for transport security and provides
IEEE-802.1AE and IEEE-802.1X as examples to protect Layer 2 from injecting or
altering messages. I believe this to be an accurate assertion.

General comments:

In order to help me fully understand the concepts of this protocol I think it
would be nice to have examples for DSCP and PCP Sub-Data Items.

Editorial comments:

s/DLPE/DLEP/
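The review above points at two things a receiving implementation should check regardless of transport protection: that DSCP and PCP code points carried in the traffic classification sub-data items are in range, and that a peer cannot talk the local side into an implausibly small window. The following is an added illustration written for this archive page, not code from the draft or from any DLEP implementation. The sub-data item byte layout it parses (a 1-byte type, a 1-byte length, then 1-byte code points) is a constructed, hypothetical encoding chosen only to make the check runnable; it is not the encoding defined by draft-ietf-manet-dlep-traffic-classification. The range limits themselves are standard: DSCP is a 6-bit field (0..63) and PCP is a 3-bit field (0..7).

```python
"""Plausibility checks for DSCP/PCP classification values and window-size changes.

Added example for the secdir review thread. The TLV layout below is constructed
for illustration and is NOT the draft's wire format.
"""
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

DSCP_MAX = 63  # DSCP is a 6-bit field (RFC 2474)
PCP_MAX = 7    # PCP is a 3-bit field (IEEE 802.1Q)

# Hypothetical type codes for the constructed layout (not the draft's values).
SUBITEM_DSCP = 1
SUBITEM_PCP = 2


@dataclass
class CheckResult:
    ok: bool
    reasons: List[str] = field(default_factory=list)


def parse_subitems(payload: bytes) -> Iterator[Tuple[int, List[int]]]:
    """Walk the constructed layout: type(1) | length(1) | length x code point(1).

    Raises ValueError on a truncated header or a length that overruns the
    payload, so a malformed message is rejected rather than misread.
    """
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-data item header")
        item_type, length = payload[i], payload[i + 1]
        body = payload[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("sub-data item length overruns payload")
        yield item_type, list(body)
        i += 2 + length


def validate_classification(payload: bytes) -> CheckResult:
    """Accept only in-range DSCP (0..63) and PCP (0..7) code points.

    Unknown sub-data item types are skipped so that extensions do not break
    the check; out-of-range values are reported and the message is rejected.
    """
    reasons: List[str] = []
    try:
        items = list(parse_subitems(payload))
    except ValueError as exc:
        return CheckResult(False, [str(exc)])
    for item_type, values in items:
        if item_type == SUBITEM_DSCP:
            bad = [v for v in values if v > DSCP_MAX]
            if bad:
                reasons.append(f"DSCP code point(s) outside 6-bit range: {bad}")
        elif item_type == SUBITEM_PCP:
            bad = [v for v in values if v > PCP_MAX]
            if bad:
                reasons.append(f"PCP value(s) outside 3-bit range: {bad}")
    return CheckResult(not reasons, reasons)


def accept_window_size(proposed: int, current: int, floor: int) -> bool:
    """Refuse a peer's request to shrink the window below a local floor.

    A peer may lower the window, but never below `floor`, which the local
    operator configures; this blunts the "set it unrealistically small" DoS
    the review describes. Increases and unchanged values are always accepted.
    """
    if proposed <= 0:
        return False
    if proposed >= current:
        return True
    return proposed >= floor


if __name__ == "__main__":
    # Constructed sample: DSCP {0, 46} and PCP {7}, all in range.
    good = bytes([SUBITEM_DSCP, 2, 0, 46, SUBITEM_PCP, 1, 7])
    # Constructed sample: DSCP 64 does not fit in 6 bits.
    bad = bytes([SUBITEM_DSCP, 1, 64])
    print(validate_classification(good))
    print(validate_classification(bad))
    print(accept_window_size(100, 65535, 1024), accept_window_size(4096, 65535, 1024))
```

The check is deliberately independent of TLS or 802.1AE: those protect the path, while the range and floor checks protect the receiver from a peer that is authenticated but buggy or compromised.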