Re: [secdir] SECDIR Review of draft-kumaki-murai-l3vpn-rsvp-te/

Peng JIANG <pe-jiang@kddi.com> Fri, 28 September 2012 00:14 UTC

Return-Path: <pe-jiang@kddi.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB4FE21F8522 for <secdir@ietfa.amsl.com>; Thu, 27 Sep 2012 17:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQEwyPt+LUdf for <secdir@ietfa.amsl.com>; Thu, 27 Sep 2012 17:14:56 -0700 (PDT)
Received: from UTMC1104.kddi.com (athena.kddi.com [210.141.112.39]) by ietfa.amsl.com (Postfix) with ESMTP id C359E21F8514 for <secdir@ietf.org>; Thu, 27 Sep 2012 17:14:55 -0700 (PDT)
Received: from UTMC1135 (unknown [10.5.16.204]) by UTMC1104.kddi.com (Postfix) with SMTP id 7DAE52B1F; Fri, 28 Sep 2012 09:14:53 +0900 (JST)
Received: from UTMC1122.kddi.com (localhost [127.0.0.1]) by localhost.kddi.com (Postfix) with ESMTP id D7E3723FD; Fri, 28 Sep 2012 09:14:46 +0900 (JST)
Received: from UTMC1115.kddi.com (unknown [10.5.16.21]) by UTMC1122.kddi.com (Postfix) with ESMTP id B9CA52400; Fri, 28 Sep 2012 09:14:46 +0900 (JST)
Received: from KDDI-0806PC0671 ([10.200.129.117] [10.200.129.117]) by post-ims.kddi.com with ESMTPA; Fri, 28 Sep 2012 09:14:46 +0900
To: hallam@gmail.com, secdir@ietf.org, ke-kumaki@kddi.com, murai@fnsc.co.jp, dean.cheng@huawei.com, satoru.matsushima@tm.softbank.co.jp, pe-jiang@kddi.com, draft-kumaki-murai-l3vpn-rsvp-te@tools.ietf.org
From: Peng JIANG <pe-jiang@kddi.com>
References: <CAMm+LwjU0g4YF2u56q9YpSTxMyGX9XY7gH_-jHNT4ResaU5fVQ@mail.gmail.com>
In-Reply-To: <CAMm+LwjU0g4YF2u56q9YpSTxMyGX9XY7gH_-jHNT4ResaU5fVQ@mail.gmail.com>
Message-Id: <201209280914.DIF26020.OJHQFtBK@kddi.com>
X-Mailer: Winbiff [Version 2.51 PL3]
X-Accept-Language: ja,en,zh
Date: Fri, 28 Sep 2012 09:14:46 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-WAuditID: 1209280914470000511745
X-Mailman-Approved-At: Fri, 28 Sep 2012 08:07:04 -0700
Cc: daniel@olddog.co.uk
Subject: Re: [secdir] SECDIR Review of draft-kumaki-murai-l3vpn-rsvp-te/
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2012 00:14:57 -0000

Dear Phillip, 

Thank you for your detailed Security review of our draft. We 
will endeavor to review and update our draft based on your 
recommendations, use cases and referral to RFC6437. Our plan is 
to address the Security aspect and any further IESG comments in 
a new version of draft after Last Call has completes. If ok I 
will contact you with our new Security text to confirm it is 
suitable for addressing the issues you raise. 

Thank you. 
Peng  

> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> 
> The specification describes a mechanism for exchanging RSVP routing
> information to support multi-site VPNs in the case that a connection
> supports multiple VPNs.
> 
> The document lacks a substantive security considerations section, instead
> referencing RFC3209 for security considerations. I do not think this is
> appropriate since that document was published in 2001 when security
> considerations were still insubstantial and in the case ofd RFC 3209
> consist of a reference to RFC 2205 which is also pro-forma.
> 
> rfc6437 has a much better presentation of the issues involved.
> 
> While people tend to use Security Considerations to list the problems with
> a protocol there is no real reason this should be the case. The SC should
> address all the considerations, positive and negative
> 
> Here we have a model where the VPN is providing authentication and
> integrity checking end to end. That only leaves service and traffic
> analysis as concerns with respect to routing level attacks. But there
> should be discussion of the possibility that a member of the VPN network
> might introduce malicious routing data to redirect traffic. Either to do
> traffic analysis or to perform a DoS attack.
> 
> While this is not something members of a VPN are likely to do
> intentionally, it is something an attacker might do if they own one site.
> The risk here is that when you join a VPN club you may be exposing yourself
> to the vulnerabilities/exploits of the weakest member of the club. And they
> may be able to clobber you through them. So large scale systems might well
> have rules about auditing and security policies they would need in place.
> They should also sanity check the routes advertised.
> 
> Using a VPN does have a penalty as well as it means that the packet
> contents are now opaque to the good guys as well as the bad. Port filtering
> is no longer possible, spam filtering is hard and so on.
> 
> 
> -- 
> Website: http://hallambaker.com/
> 
> 
>