[secdir] secdir review of draft-ietf-ippm-twamp-value-added-octets-03

Richard L. Barnes <rbarnes@bbn.com> Fri, 29 June 2012 20:17 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id F2EAD21F88EA; Fri, 29 Jun 2012 13:17:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.528
X-Spam-Status: No, score=-106.528 tagged_above=-999 required=5 tests=[AWL=0.071, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id GE5bkSPDgQe6; Fri, 29 Jun 2012 13:17:02 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com []) by ietfa.amsl.com (Postfix) with ESMTP id 529E621F8857; Fri, 29 Jun 2012 13:17:02 -0700 (PDT)
Received: from ros-dhcp192-1-51-6.bbn.com ([]:55457) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1Skhch-0004ne-OG; Fri, 29 Jun 2012 16:16:59 -0400
From: Richard L. Barnes <rbarnes@bbn.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Fri, 29 Jun 2012 16:16:59 -0400
Message-Id: <41B942F7-5BD0-46ED-9C47-748DB2A36308@bbn.com>
To: The IESG <iesg@ietf.org>, SECDIR <secdir@ietf.org>, draft-ietf-ippm-twamp-value-added-octets.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
Subject: [secdir] secdir review of draft-ietf-ippm-twamp-value-added-octets-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2012 20:17:04 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines "value-added" octets that can cause TWAMP peers to enable some additional services, for example, multiplexing multiple TWAMP measurements into a single session.  These value-added octets are inserted into the packet as padding octets, so that an unaware host will simply ignore them.  Thus, the major new risk (relative to TWAMP) is that some of the additional features require more buffering than normal TWAMP, and can thus lead to DOS if not constrained. The Security Considerations section correctly notes this risk; it would be helpful if it included a little more detail on how the DOS conditions could arise.