[secdir] Secdir review of draft-ietf-forces-packet-parallelization@tools.ietf.org

Magnus Nyström <magnusn@gmail.com> Tue, 30 September 2014 06:26 UTC

Date: Mon, 29 Sep 2014 23:26:00 -0700
Message-ID: <CADajj4Y2Po_JGmr2-V+U5RoaMALk8hD8M4rJ_VLQ4xTXj-pX4A@mail.gmail.com>
From: Magnus Nyström <magnusn@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-forces-packet-parallelization@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/_4DXcj46EL_FgaoHD6kN4jPxmjw

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes how ForCES can model a network device's
parallelization datapath to support parallel packet processing in the
ForCES model. The document is intended to be published as an Experimental
RFC.

Since the document does not change the ForCES model or the ForCES protocol,
I agree with the Security Consideration section's statement that there's no
impact on the security considerations for them. However, the document then
goes on to state "However as parallezation [sic] tasks have security
issues, a designer or an implementer must take into account any security
considerations that regards packet parallelization." I don't know
specifically what such security issues are in the context of parallel
ForCES packet processing, and it seems that it would be good to include at
least some example of them and how implementers should take them into
account.

-- Magnus