Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05

"Adrian Farrel" <adrian@olddog.co.uk> Wed, 14 May 2014 13:02 UTC

From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Eric Osborne' <eric@notcom.com>
Date: Wed, 14 May 2014 14:02:31 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/eg644vj0aX0B455JJ90_3pgwBcA
Cc: draft-ietf-mpls-psc-updates@tools.ietf.org, 'IESG' <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05

Yes, thanks.
A

> -----Original Message-----
> From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Eric Osborne
> Sent: 14 May 2014 13:49
> To: Adrian Farrel
> Cc: Vincent Roca; secdir@ietf.org; IESG; draft-ietf-mpls-psc-updates@tools.ietf.org
> Subject: Re: Secdir review of draft-ietf-mpls-psc-updates-05
> 
> Does 6941 go down as normative or informative?  My guess is informative.
> 
> 
> 
> 
> eric
> 
> On Mon, May 12, 2014 at 1:10 PM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> > Hi Vincent,
> >
> >
> >
> > Good points, but s/6378/6941/
> >
> >
> >
> > Adrian
> >
> >
> >
> > From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Vincent Roca
> > Sent: 12 May 2014 18:03
> > To: IESG; draft-ietf-mpls-psc-updates@tools.ietf.org; secdir@ietf.org
> > Cc: Vincent Roca
> > Subject: Secdir review of draft-ietf-mpls-psc-updates-05
> >
> >
> >
> > Hello,
> >
> > I have reviewed this document as part of the security directorate's
> > ongoing effort to review all IETF documents being processed by the
> > IESG.  These comments were written primarily for the benefit of the
> > security area directors. Document editors and WG chairs should treat
> > these comments just like any other last call comments.
> >
> >
> >
> > IMHO, the document is Almost ready.
> >
> >
> >
> >
> >
> > The author claims this document "raise[s] no new security concerns".
> > I think the author is right, however I have two comments:
> >
> > - it's preferable to mention explicitly that RFC 6378 provides the baseline
> >   security discussion and that it also applies to the present document.
> >
> > - Making sure an implementation behaves correctly in front of malformed
> >   messages is typically something that should be mentioned/discussed in the
> >   Security Section. This is the case in section 2.3 "Error handling".
> >   Can an attacker through malformed/unexpected messages (e.g., with fuzzing)
> >   launch a DoS?
> >   I don't suggest to move section 2.3 in the Security Discussion section, but
> >   rather to add a sentence in the Security Section explaining that this document
> >   in section 2.3 also clarifies how to react in front of malformed/unexpected
> >   messages (which is essential from a security point of view).
> >
> >
> >
> > Cheers,
> >
> >
> >
> >     Vincent