Re: [secdir] Secdir review of draft-ietf-mpls-ldp-igp-sync-bcast-04
Sriganesh Kini <sriganesh.kini@ericsson.com> Fri, 01 October 2010 20:09 UTC
From: Sriganesh Kini <sriganesh.kini@ericsson.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Fri, 01 Oct 2010 16:08:20 -0400
Message-ID: <5A5E55DF96F73844AF7DFB0F48721F0F56F5FDE903@EUSAACMS0703.eamcs.ericsson.se>
References: <4CA081F7.60304@gondrom.org>
In-Reply-To: <4CA081F7.60304@gondrom.org>
Cc: "swallow@cisco.com" <swallow@cisco.com>, Wenhu Lu <wenhu.lu@ericsson.com>, "draft-ietf-mpls-ldp-igp-sync-bcast.all@tools.ietf.org" <draft-ietf-mpls-ldp-igp-sync-bcast.all@tools.ietf.org>, "adrian.farrel@huawei.com" <adrian.farrel@huawei.com>, "martin.vigoureux@alcatel-lucent.com" <martin.vigoureux@alcatel-lucent.com>, "loa@pi.nu" <loa@pi.nu>
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-ldp-igp-sync-bcast-04
Hello Tobias,

Pls see inline at [Sri].

Thanks

> -----Original Message-----
> From: Tobias Gondrom [mailto:tobias.gondrom@gondrom.org]
> Sent: Monday, September 27, 2010 4:37 AM
> To: iesg@ietf.org; secdir@ietf.org
> Cc: draft-ietf-mpls-ldp-igp-sync-bcast.all@tools.ietf.org; Sriganesh Kini; Wenhu Lu; swallow@cisco.com; loa@pi.nu; adrian.farrel@huawei.com; martin.vigoureux@alcatel-lucent.com
> Subject: Secdir review of draft-ietf-mpls-ldp-igp-sync-bcast-04
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> draft-ietf-mpls-ldp-igp-sync-bcast-04
> LDP IGP Synchronization for broadcast networks
>
> The draft updates RFC 5443 (LDP IGP Synchronization). It basically proposes the following mechanism: "If an interface is not a 'cut-edge' then the updating of the LSA with that link to the pseudo-node is postponed until LDP is operational."
>
> The document states that there would be no security considerations beyond RFC 5443. I am not certain of that. Although the idea behind bcast is good, it adds a new mechanism beyond 5443. To make sure the security considerations are accurate, I'd like to raise two questions for the authors/WG:
>
> 1. Which security implications does the WG see for removing a coming up link from the LSDB?

[Sri] Since the link is only delayed from being added to the LSDB we don't believe there are any new/additional security implications.

> 2. Can there be a gap between the algorithm to determine "cut-edge" and TTL (e.g. may not qualify for "cut-edge" and thus be removed from LSDB, but have a large number of links and effectively not be reachable)?

[Sri] This problem is not unique to this draft. Even in RFC 5443 when the link has high metric, an alternate path with num hops > 255 (but a lower path metric than the directly connected link's max metric) can result in unreachability.

> and three minor editorial comments:
>
> - section 3, last paragraph: s/Since A's cost to reach B not high/Since A's cost to reach B is not high

[Sri] Accepted

> - Appendix A: Computation of 'cut-edge': there should be an informative reference for mentioned "Dijkstra's algorithm"

[Sri] Accepted. Will refer to RFC 2328 sec 16.1

> - abbreviation "SPF" should list its expanded term (Shortest Path First) at first mentioning.

[Sri] Accepted.

> Best regards, Tobias
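An added example, not from the draft, its authors or the reviewer, of the SPF-based cut-edge test the draft's Appendix A refers to and of the hop-count gap raised in question 2: Dijkstra is run with the coming-up link withheld, as the draft would withhold it from the LSDB until LDP is up, and the alternate path's hop count is compared against the 255-hop TTL limit. The topology builder, link costs and function names are constructed assumptions.

```python
import heapq

IP_MAX_TTL = 255  # IPv4 TTL / IPv6 hop limit is an 8-bit field

def spf(graph, src, withheld=None):
    """Dijkstra SPF over an undirected weighted graph; returns (cost, hops) per node.
    `withheld` is a link (a, b) to skip, modelling a link not yet in the LSDB."""
    inf = float("inf")
    cost = {n: inf for n in graph}
    hops = {n: inf for n in graph}
    cost[src] = hops[src] = 0
    pq = [(0, 0, src)]
    while pq:
        c, h, u = heapq.heappop(pq)
        if c > cost[u]:
            continue  # stale heap entry
        for v, w in graph[u].items():
            if withheld and {u, v} == set(withheld):
                continue  # link is not in the LSDB yet
            if c + w < cost[v]:
                cost[v], hops[v] = c + w, h + 1
                heapq.heappush(pq, (c + w, h + 1, v))
    return cost, hops

def is_cut_edge(graph, a, b):
    """Link a-b is a cut-edge if b becomes unreachable from a without it."""
    return spf(graph, a, withheld=(a, b))[0][b] == float("inf")

def alternate_hops(graph, a, b):
    """Hop count of the best alternate path a->b while link a-b is withheld."""
    return spf(graph, a, withheld=(a, b))[1][b]

def ttl_gap(graph, a, b):
    """The gap raised in the review: a-b is not a cut-edge (so its LSA update may
    be postponed), yet the alternate path needs more hops than the TTL allows."""
    return not is_cut_edge(graph, a, b) and alternate_hops(graph, a, b) > IP_MAX_TTL

def build_topology(n_ring, direct_cost=10, ring_cost=1):
    """Constructed sample (assumption): A-B direct link plus a chain of n_ring
    routers between A and B, giving an alternate path of n_ring + 1 hops."""
    nodes = ["A"] + [f"R{i}" for i in range(n_ring)] + ["B"]
    g = {n: {} for n in nodes}
    g["A"]["B"] = g["B"]["A"] = direct_cost
    for u, v in zip(nodes, nodes[1:]):
        g[u][v] = g[v][u] = ring_cost
    return g
```

With `build_topology(300)` the direct link is not a cut-edge, so the draft would postpone its LSA update, but the only alternate path is 301 hops and packets expire before reaching B.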