Re: [secdir] SECDIR review of draft-ietf-pce-stateful-path-protection
Donald Eastlake <d3e3e3@gmail.com> Tue, 03 September 2019 18:17 UTC
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 03 Sep 2019 14:16:51 -0400
Message-ID: <CAF4+nEEwuMq8-JPgyEAPKdpUV2TJh-t0iRrAeVmQiNJkCArfPQ@mail.gmail.com>
To: Dhruv Dhody <dhruv.ietf@gmail.com>
Cc: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-pce-stateful-path-protection.all@ietf.org, secdir <secdir@ietf.org>, pce@ietf.org, Mahend Negi <mahend.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_7IMn4b0IKmVGK8jC9udwZUB5qE>
Hi,

That change looks good to me.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com

On Tue, Sep 3, 2019 at 3:00 AM Dhruv Dhody <dhruv.ietf@gmail.com> wrote:

> Hi Donald,
>
> Thanks for your review.
>
> On Thu, Aug 29, 2019 at 8:21 PM Donald Eastlake <d3e3e3@gmail.com> wrote:
> >
> > I have reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.
> >
> > The summary of the review is Almost Ready.
> >
> > This document specifies an extension to the stateful Path Computation Element Communication Protocol to associate two or more Label Switched Paths for the purpose of setting up path protection.
> >
> > This is not at all my area of expertise. The Security Considerations section primarily refers to the Security Considerations in existing RFCs and one draft, draft-ietf-pce-association-group (which is already in the RFC Editor queue). I think these references are pretty thorough and provide good security coverage and advice with one possible exception. Given that this document specifies a new facility, it seems likely that a few narrow sentences would be in order about the damage an adversary could cause by specifically monkeying with that new facility.
> >
>
> I see that authors have posted a new revision (-10) that has this sentence -
>
>    Adding a spurious protection LSP to the Path Protection Association group could give false sense of network reliability, which leads to issues when the working LSP is down and the protection LSP fails as well.
>
> https://tools.ietf.org/html/draft-ietf-pce-stateful-path-protection-10#section-7
>
> Does this work for you?
>
> Thanks!
> Dhruv
>
> > Tiny nits:
> > In abstract and other places when referring to what this standards track draft does: "describes" -> "specifies" or "defines"
> > Draft references draft-ietf-pce-association-diversity-08 when latest version is -09
> >
> > Thanks,
> > Donald
> > ===============================
> >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >  1424 Pro Shop Court, Davenport, FL 33896 USA
> >  d3e3e3@gmail.com