[secdir] secdir review of draft-ietf-mpls-tp-itu-t-identifiers

"Dan Harkins" <dharkins@lounge.org> Thu, 03 January 2013 19:04 UTC

From: "Dan Harkins" <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-mpls-tp-itu-t-identifiers.all@tools.ietf.org

  Hello, and happy new year,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft creates a new globally unique identifier for the Transport
Profile of MPLS. RFC 6370, which created identifiers for MPLS-TP,
uses the operator's AS as a globally unique identifier but this draft
proposes an alternative: use the ITU-T Carrier Codes. It then goes
about changing the identifiers created by RFC 6370 by substituting
the ITU-T Carrier Code for the AS.

  The security considerations state that the draft merely extends an
information model and does not propose any protocol changes and
therefore it does not introduce any new security concerns. This seems
acceptable except that this extension relies on the global uniqueness
of the ITU-T Carrier Codes (as RFC 6370 relies on the AS to be
globally unique). Apparently "national regulatory authorities"
ensure that they are unique in their regulatory domain (which is an
ISO 3166-1 identified code) so as long as they don't screw up
anything all is well. I think it might be worth mentioning the
assumption that the "national regulatory authorities" will not make a
mistake and what happens if they do. RFC 6370 relied on IANA to
not make a mistake; this draft relies on all 249 entities that have an
official code in ISO 3166-1 to not make a mistake.

  Also, there is a normative reference to a "Corrigendum" of an ITU-T
recommendation on "OAM functions and mechanisms for Ethernet
based networks". I have never encountered such a document. Is it
a stable reference?

  regards,

  Dan.