Re: [secdir] SECDIR review of draft-ietf-pce-stateful-path-protection

Donald Eastlake <d3e3e3@gmail.com> Tue, 03 September 2019 18:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_7IMn4b0IKmVGK8jC9udwZUB5qE>

Hi,

That change looks good to me.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com


On Tue, Sep 3, 2019 at 3:00 AM Dhruv Dhody <dhruv.ietf@gmail.com> wrote:

> Hi Donald,
>
> Thanks for your review.
>
> On Thu, Aug 29, 2019 at 8:21 PM Donald Eastlake <d3e3e3@gmail.com> wrote:
> >
> > I have reviewed this document as part of the Security Directorate's
> > ongoing effort to review all IETF documents being processed by the IESG.
> > Document editors and WG chairs should treat these comments just like any
> > other last call comments.
> >
> > The summary of the review is Almost Ready.
> >
> > This document specifies an extension to the stateful Path Computation
> > Element Communication Protocol to associate two or more Label Switched
> > Paths for the purpose of setting up path protection.
> >
> > This is not at all my area of expertise. The Security Considerations
> > section primarily refers to the Security Considerations in existing RFCs
> > and one draft, draft-ietf-pce-association-group (which is already in the
> > RFC Editor queue). I think these references are pretty thorough and provide
> > good security coverage and advice with one possible exception. Given that
> > this document specifies a new facility, it seems likely that a few narrow
> > sentences would be in order about the damage an adversary could cause by
> > specifically monkeying with that new facility.
> >
>
> I see that authors have posted a new revision (-10) that has this sentence
> -
>
>    Adding a spurious protection LSP
>    to the Path Protection Association group could give false sense of
>    network reliability, which leads to issues when the working LSP is
>    down and the protection LSP fails as well.
>
>
> https://tools.ietf.org/html/draft-ietf-pce-stateful-path-protection-10#section-7
>
> Does this work for you?
>
> Thanks!
> Dhruv
>
>
> > Tiny nits:
> > In abstract and other places when referring to what this standards track
> > draft does: "describes" -> "specifies" or "defines"
> > Draft references draft-ietf-pce-association-diversity-08 when latest
> > version is -09
> >
> > Thanks,
> > Donald
> > ===============================
> >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >  1424 Pro Shop Court, Davenport, FL 33896 USA
> >  d3e3e3@gmail.com
>