[secdir] Secdir early review of draft-ietf-manet-dlep-traffic-classification-12
Shawn Emery via Datatracker <noreply@ietf.org> Sun, 11 August 2024 05:52 UTC
From: Shawn Emery via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Date: Sat, 10 Aug 2024 22:52:36 -0700
CC: draft-ietf-manet-dlep-traffic-classification.all@ietf.org, manet@ietf.org
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Subject: [secdir] Secdir early review of draft-ietf-manet-dlep-traffic-classification-12
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YmUZiOaEfvWasXe0OprjCk_O1NU>
Reviewer: Shawn Emery
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This standards track draft specifies a protocol for identifying various link control messages utilized by the Dynamic Link Exchange Protocol (DLEP).

The security considerations section does exist and discloses that the protocol opens up vulnerabilities for DoS by modifying or injecting protocol messages (e.g., decreasing the max window size to an unrealistically small value). The mitigation of said vulnerabilities is deferred to RFC 8175's security considerations, which prescribes TLS for transport security and provides IEEE-802.1AE and IEEE-802.1X as examples to protect Layer 2 from injected or altered messages. I believe this to be an accurate assertion.

General comments:

In order to help me fully understand the concepts of this protocol, I think it would be nice to have examples for DSCP and PCP Sub-Data Items.

Editorial comments:

s/DLPE/DLEP/
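The review above asks for worked examples of DSCP and PCP Sub-Data Items and notes that the draft's only real defence against injected or altered messages is the transport protection RFC 8175 prescribes. The following is an added example, not code from the draft, the reviewer, or the MANET working group: a small parser for DLEP-style Type(16)/Length(16)/Value items that walks a Traffic Classification value, checks each sub-data item's declared length against the buffer, and rejects DSCP values outside the 6-bit range (RFC 2474) and PCP values outside the 3-bit range (IEEE 802.1Q). The sub-data item type codes (SUBITEM_DSCP, SUBITEM_PCP) and the inner layout (Tid, count, one byte per value) are assumptions chosen for illustration and are not the encoding registered by the draft; the sample messages are constructed here.

```python
"""Parse DLEP-style TLV items carrying DSCP and PCP sub-data items.

Added example. The sub-data item type codes and the inner layout below are
ASSUMED for illustration; they are not the draft's registered encoding.
"""
import struct
from dataclasses import dataclass

# Assumed (hypothetical) sub-data item type codes, not registered values.
SUBITEM_DSCP = 1
SUBITEM_PCP = 2

DSCP_MAX = 63  # DSCP is a 6-bit field (RFC 2474)
PCP_MAX = 7    # PCP is a 3-bit field (IEEE 802.1Q)


class MalformedItem(ValueError):
    """Raised for truncated, over-long, or out-of-range sub-data items."""


@dataclass
class SubItem:
    kind: str      # "dscp" or "pcp"
    tid: int       # traffic classification identifier (assumed 8-bit field)
    values: list   # DSCP or PCP code points carried by this sub-data item


def parse_tlv(buf: bytes, offset: int):
    """Parse one Type(16)/Length(16)/Value item at offset.

    Length counts the value only. Returns (type, value, next_offset) and
    refuses to read past the end of buf, so a forged length cannot make the
    caller slice beyond the message.
    """
    if len(buf) - offset < 4:
        raise MalformedItem("truncated TLV header")
    typ, length = struct.unpack_from("!HH", buf, offset)
    start = offset + 4
    end = start + length
    if end > len(buf):
        raise MalformedItem(f"declared length {length} exceeds buffer")
    return typ, buf[start:end], end


def parse_subitem(typ: int, value: bytes) -> SubItem:
    """Decode one sub-data item body (assumed layout: Tid, Count, Count bytes)."""
    if len(value) < 2:
        raise MalformedItem("sub-data item too short for Tid and Count")
    tid, count = value[0], value[1]
    vals = value[2:]
    if len(vals) != count:
        raise MalformedItem(f"count {count} does not match {len(vals)} values")
    if typ == SUBITEM_DSCP:
        kind, limit = "dscp", DSCP_MAX
    elif typ == SUBITEM_PCP:
        kind, limit = "pcp", PCP_MAX
    else:
        raise MalformedItem(f"unknown sub-data item type {typ}")
    for v in vals:
        if v > limit:
            raise MalformedItem(f"{kind} value {v} exceeds {limit}")
    return SubItem(kind, tid, list(vals))


def parse_traffic_classification(value: bytes) -> list:
    """Walk every sub-data item inside one Traffic Classification value."""
    items = []
    off = 0
    while off < len(value):
        typ, body, off = parse_tlv(value, off)
        items.append(parse_subitem(typ, body))
    return items


def build_subitem(typ: int, tid: int, values: list) -> bytes:
    """Encode a sub-data item in the assumed layout (used to build samples)."""
    body = bytes([tid, len(values)]) + bytes(values)
    return struct.pack("!HH", typ, len(body)) + body


# Constructed sample: Tid 1 carries DSCP {46, 34}; Tid 2 carries PCP {5}.
SAMPLE = build_subitem(SUBITEM_DSCP, 1, [46, 34]) + build_subitem(SUBITEM_PCP, 2, [5])

# Constructed malformed sample: PCP value 9 cannot fit a 3-bit field.
BAD_PCP = build_subitem(SUBITEM_PCP, 3, [9])

if __name__ == "__main__":
    for item in parse_traffic_classification(SAMPLE):
        print(item)
    for name, bad in (("bad pcp", BAD_PCP), ("truncated", SAMPLE[:-1])):
        try:
            parse_traffic_classification(bad)
        except MalformedItem as exc:
            print(f"rejected {name}: {exc}")
```

Range and length checks like these stop a malformed item from crashing the parser or being applied as a nonsensical classification, but they do nothing against a syntactically valid message injected or altered by an on-path attacker, which is exactly the DoS the review describes; that is why the draft defers to RFC 8175's requirement for TLS on the session and Layer 2 protection such as IEEE 802.1AE.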