[secdir] secdir review of draft-ietf-mpls-tp-itu-t-identifiers
"Dan Harkins" <dharkins@lounge.org> Thu, 03 January 2013 19:04 UTC
Date: Thu, 03 Jan 2013 11:04:51 -0800
From: Dan Harkins <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-mpls-tp-itu-t-identifiers.all@tools.ietf.org

Hello, and happy new year,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft creates a new globally unique identifier for the Transport Profile of MPLS. RFC 6370, which created identifiers for MPLS-TP, uses the operator's AS as a globally unique identifier but this draft proposes an alternative: use the ITU-T Carrier Codes. It then goes about changing the identifiers created by RFC 6370 by substituting the ITU-T Carrier Code for the AS.

The security considerations state that the draft merely extends an information model and does not propose any protocol changes and therefore it does not introduce any new security concerns. This seems acceptable except that this extension relies on the global uniqueness of the ITU-T Carrier Codes (as RFC 6370 relies on the AS to be globally unique). Apparently "national regulatory authorities" ensure that they are unique in their regulatory domain (which is an ISO 3166-1 identified code) so as long as they don't screw up anything all is well.

I think it might be worth mentioning the assumption that the "national regulatory authorities" will not make a mistake and what happens if they do. RFC 6370 relied on IANA to not make a mistake; this draft relies on all 249 entities that have an official code in ISO 3166-1 to not make a mistake.

Also, there is a normative reference to a "Corrigendum" of an ITU-T recommendation on "OAM functions and mechanisms for Ethernet based networks". I have never encountered such a document. Is it a stable reference?

regards,

Dan.