[secdir] SECDIR review of draft-ietf-pce-stateful-path-protection
Donald Eastlake <d3e3e3@gmail.com> Thu, 29 August 2019 14:50 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AAD812085C; Thu, 29 Aug 2019 07:50:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Level:
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aydrC6xs4-B2; Thu, 29 Aug 2019 07:50:57 -0700 (PDT)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6754120127; Thu, 29 Aug 2019 07:50:56 -0700 (PDT)
Received: by mail-io1-xd2c.google.com with SMTP id u185so3638546iod.10; Thu, 29 Aug 2019 07:50:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=72jdzGhiMlSJ6+tGzbPiBBaMaJD8zlgQjNASUR056Ec=; b=D5F2XDaSxR6TdYHCvy+o2F/EzbMtJ9OFI8D5yKmpVqHTdC8WLsVZD0V9ZfKoXv9Ehi 5qMh7HzYL+KcfKh/yjL8009ty+/YScHIkdkHzQPPDihN+XknseIsaIvcnpnIURCZhxWP FvuN5mmivGVeQEC8dr/Rk/Ac5hS2Z4Jf/+aX/PrvXsETYCFfH05EFqQO8iCfRKBQgO0p N6XR1hxpkdDSDHuak24jiCNtUJkDTL6sd8U8GocmoH+kKf3tOGT2fm015raL7SSpTnQU dhp7mc2ynUAhAbWF3YFNWUhJxgDQE1onrx151J6GalpcX0EKuQbrxwUT6A9HuaKeAo8s kwDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=72jdzGhiMlSJ6+tGzbPiBBaMaJD8zlgQjNASUR056Ec=; b=EE8BwNrRvQGb6D5d+HneQOAgzYSyIBqQXQPd9m/+kgBaRzPl3vZBYwrWFOuIZaqe22 xx23JnyMx1esA4+C6+JHYBq8xXmKhOrOm07z9FDyfx8/t7q0jAbzDrx2KUUC4BvVrX28 u6zvtrnkQ2IWmJNKVy3a/Ek+i3drAvAxkOHMC9v5xPErat5JDJAOyOuPGRpWEOSCgksQ Mf7dVOoE40NiacILDmt6vTbt7fSEfBkbNCiwgETgzQc5S6KJiLMBD0hrobxCmCmAmWD4 iakZbcgG1OddmVPzgEi2NhoppgjQCRmImkuvBse0l+I5WB+GUB6Lhg+/1FOTLbBwvYSu iyeg==
X-Gm-Message-State: APjAAAUuXbzU0Yi1Sc9lkg88RsybTzzen6WZXLJ8kd5oajqDU4HtEkm2 GkNIhIjDhnM1VDwSvk0DCyydqGn8LWpGtDK1Jbszcw==
X-Google-Smtp-Source: APXvYqz2N8jNmFUmkouIhts3/mO8kR/09mB7IyZoPw6575aK8a529ogEChwlP9IvV4eOmu4rKcygH8iQ+gbLWSuRZNw=
X-Received: by 2002:a5e:9741:: with SMTP id h1mr406585ioq.24.1567090255706; Thu, 29 Aug 2019 07:50:55 -0700 (PDT)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 29 Aug 2019 10:50:44 -0400
Message-ID: <CAF4+nEENTRBsZzvwPtSfTjBS+msotyqtSXmogn97Z_fa8aNWLw@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-pce-stateful-path-protection.all@ietf.org
Cc: secdir <secdir@ietf.org>, pce@ietf.org
Content-Type: multipart/alternative; boundary="00000000000005bd58059142a2ff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Z_kfkpbPYaSveNum1HFEioc0exI>
Subject: [secdir] SECDIR review of draft-ietf-pce-stateful-path-protection
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Aug 2019 14:51:01 -0000
I have reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Almost Ready. This document specifies an extension to the stateful Path Computation Element Communication Protocol to associate two or more Label Switched Paths for the purpose of setting up path protection. This is not at all my area of expertise. The Security Considerations section primarily refers to the Security Considerations in existing RFCs and one draft, draft-ietf-pce-association-group (which is already in the RFC Editor queue). I think these references are pretty thorough and provide good security coverage and advice with one possible exception. Given that this document specifies a new facility, it seems likely that a few narrow sentences would be in order about the damage an adversary could cause by specifically monkeying with that new facility. Tiny nits: In abstract and other places when referring to what this standards track draft does: "describes" -> "specifies" or "defines" Draft references draft-ietf-pce-association-diversity-08 when latest version is -09 Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 1424 Pro Shop Court, Davenport, FL 33896 USA d3e3e3@gmail.com
- [secdir] SECDIR review of draft-ietf-pce-stateful… Donald Eastlake
- Re: [secdir] SECDIR review of draft-ietf-pce-stat… Dhruv Dhody
- Re: [secdir] SECDIR review of draft-ietf-pce-stat… Donald Eastlake