Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04
carlberg@g11.org.uk Tue, 26 July 2011 10:41 UTC
Return-Path: <carlberg@g11.org.uk>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC2CD21F875E; Tue, 26 Jul 2011 03:41:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QlhIR3z7fwro; Tue, 26 Jul 2011 03:41:45 -0700 (PDT)
Received: from portland.eukhosting.net (portland.eukhosting.net [92.48.97.5]) by ietfa.amsl.com (Postfix) with ESMTP id 0B0A221F874A; Tue, 26 Jul 2011 03:41:45 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=g11.org.uk; h=Message-ID:Date:From:To:Cc:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent:X-Source:X-Source-Args:X-Source-Dir; b=M7WYrH+4la6mylmpqk131Wwp8hkzO1RBhy6oHNKkVc7sTkUqsZwMBU3BiCnqnhokwyF+5L9OTxAy6fwixh6iT1a6vBDxPedyQqFZHOeBmw4fuuW2NuHbYrIQpK/r7zrd;
Received: from localhost ([127.0.0.1]:38387) by portland.eukhosting.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <carlberg@g11.org.uk>) id 1Qlf4x-0003sR-Cj; Tue, 26 Jul 2011 10:41:35 +0000
Received: from 130.129.67.210 ([130.129.67.210]) by portland.eukhosting.net (Horde Framework) with HTTP; Tue, 26 Jul 2011 10:41:35 +0000
Message-ID: <20110726104135.13472eudbij0eaqs@portland.eukhosting.net>
Date: Tue, 26 Jul 2011 10:41:35 +0000
From: carlberg@g11.org.uk
To: shanna@juniper.net
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; DelSp="Yes"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - portland.eukhosting.net
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - g11.org.uk
X-Source:
X-Source-Args:
X-Source-Dir:
X-Mailman-Approved-At: Tue, 26 Jul 2011 04:29:07 -0700
Cc: lionel.morand@orange-ftgroup.com, draft-ietf-dime-priority-avps.all@tools.ietf.org, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 10:41:45 -0000
Hi Steve, Thanks for the review. <snip> > This standards track document defines Diameter AVPs that can be > used to convey a variety of priority parameters. While the Security > Considerations section of this document properly requires that > implementers review the Security Considerations section in the > Diameter protocol specification and consider the issues described > there, it does not include any analysis of the specific security > issues related to priority systems. The authors should review other > Security Considerations sections relating to priority systems > (e.g. the one in RFC 4412) and add text that describes the > special security issues that arise with priority systems and > the countermeasures that may be employed. You raise an interesting issue and we actually had a discussion about this on the DIME list <http://www.ietf.org/mail-archive/web/dime/current/msg04773.html> And just for the sake of completeness, here is the security considerations text of the dime-priority-avps draft in question: This document describes the extension of Diameter for conveying Quality of Service information. The security considerations of the Diameter protocol itself have been discussed in [I-D.ietf-dime-rfc3588bis]. Use of the AVPs defined in this document MUST take into consideration the security issues and requirements of the Diameter base protocol. The authors also recommend that readers should familiarize themselves with the security considerations of the various protocols listed in the Normative References listed below. In a nutshell, the authors and the chair disagreed with the need for extending the security considerations to include an analysis with other protocols (eg, rfc-4412) because these protocols operate outside of the DIAMETER protocol. The dime-priority-avps draft is an extension of I-D.ietf-dime-rfc3588bis, and thus is subject to the same security considerations to the bis draft. And its also important to keep in mind that the dime-priority-avps draft does not inject prioritization into the exchange of DIAMETER messages. It simply defines AVPs that correlate to some priority fields of other protocols. If it was the last sentence (above) in the dime-priority-avps security considerations that has triggered your comment about further analysis, then I'd prefer just removing that text. cheers, -ken
- Re: [secdir] secdir review of draft-ietf-dime-pri… Stephen Hanna
- Re: [secdir] secdir review of draft-ietf-dime-pri… carlberg
- Re: [secdir] secdir review of draft-ietf-dime-pri… carlberg
- Re: [secdir] secdir review of draft-ietf-dime-pri… Stephen Hanna
- Re: [secdir] secdir review of draft-ietf-dime-pri… lionel.morand
- Re: [secdir] secdir review of draft-ietf-dime-pri… lionel.morand
- Re: [secdir] secdir review of draft-ietf-dime-pri… David Harrington