Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 14 May 2014 21:42 UTC


Thanks for addressing Vincent's comments from the SecDir review.  I
just have one correction in-line.

On Wed, May 14, 2014 at 9:03 AM, Eric Osborne <eric@notcom.com> wrote:
> ...
>>
>> - Making sure an implementation behaves correctly in front of malformed
>>   messages is typically something that should be mentioned/discussed in the
>>   Security Section. This is the case in section 2.3 "Error handling".
>>   Can an attacker through malformed/unexpected messages (e.g., with fuzzing)
>>   launch a DoS?
>>   I don't suggest to move section 2.3 in the Security Discussion section, but
>>   rather to add a sentence in the Security Section explaining that this document
>>   in section 2.3 also clarifies how to react in front of malformed/unexpected
>>   messages (which is essential from a security point of view).
>
>
> I have added this to the security section.  It now reads:
>
> ---
> 7.  Security Considerations
>
>    These changes and clarifications raise no new security concerns.  RFC
>    6941 [RFC6941] provides the baseline security discussion for MPLS-TP,
>    and PSC (both RFC 6378 and this document) fall under that umbrella.
>    Additionally, Section 2.2 clarifies how to react to malformed or
>    unexpected messages.
>
> ---
>
>
> Is that sufficient?
>
It should be 2.3, not 2.2 for the error handling section. It may be
helpful to note that this is a preventative security measure so it is
understood, something like:

Additionally, Section 2.3 clarifies how to react to malformed or
unexpected messages, also an important preventative security measure.


>
>
> eric
>
>
>>
>> Cheers,
>>
>>     Vincent
>



-- 

Best regards,
Kathleen