Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05
"Adrian Farrel" <adrian@olddog.co.uk> Wed, 14 May 2014 13:02 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26AAB1A0078; Wed, 14 May 2014 06:02:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IzBuzRgvPm6b; Wed, 14 May 2014 06:02:41 -0700 (PDT)
Received: from asmtp3.iomartmail.com (asmtp3.iomartmail.com [62.128.201.159]) by ietfa.amsl.com (Postfix) with ESMTP id EE48C1A006D; Wed, 14 May 2014 06:02:40 -0700 (PDT)
Received: from asmtp3.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id s4ED2WcO011176; Wed, 14 May 2014 14:02:32 +0100
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id s4ED2Vsn011137 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 14 May 2014 14:02:31 +0100
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Eric Osborne' <eric@notcom.com>
References: <EA9D0543-BF2E-40B9-BA7A-76F145E64CA7@inria.fr> <08c801cf6e05$0d200d90$276028b0$@olddog.co.uk> <CA+97oKPfUSyTOWYqut1dyhGWjU4Stto9-EkErjCN7x1M7RD+Eg@mail.gmail.com>
In-Reply-To: <CA+97oKPfUSyTOWYqut1dyhGWjU4Stto9-EkErjCN7x1M7RD+Eg@mail.gmail.com>
Date: Wed, 14 May 2014 14:02:31 +0100
Message-ID: <007701cf6f74$c4b46580$4e1d3080$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI6M7cVzudwVfHp4TQTqZGHxKuFAgIamy5jAfT1W/GaSgRqYA==
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-7.5.0.1017-20692.007
X-TM-AS-Result: No--20.313-10.0-31-10
X-imss-scan-details: No--20.313-10.0-31-10
X-TMASE-MatchedRID: QfHZjzml1E+nykMun0J1wvHkpkyUphL9t7k6BDMlB1ghX1DXcpnJgB49 TW0ImlxY7+ykLzh4xShQph5GSAC7DQ7AfikPXgOwmlaAItiONP21k3bRIdXVNLrfxlRjqBJ3Ffu 9xZgL7lcaGJ6hc5LcchQd7vVtOefEMJN0pBC3oqcUEm127/0kJnJrB0Cu3DDn6DfA0qKLWvmLc3 vJNq/cTE5lMrwcgrvrZDtwWXYnS21GlhjnipkGEEJlJsbPxdeD0Wobj8GkNVp9Q5/gynnG1vO+m s5efpt74vM1YF6AJbZFi+KwZZttL42j49Ftap9EkGUtrowrXLg=
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/eg644vj0aX0B455JJ90_3pgwBcA
Cc: draft-ietf-mpls-psc-updates@tools.ietf.org, 'IESG' <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 May 2014 13:02:43 -0000
Yes, thanks. A > -----Original Message----- > From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Eric Osborne > Sent: 14 May 2014 13:49 > To: Adrian Farrel > Cc: Vincent Roca; secdir@ietf.org; IESG; draft-ietf-mpls-psc- > updates@tools.ietf.org > Subject: Re: Secdir review of draft-ietf-mpls-psc-updates-05 > > Does 6941 go down as normative or informative? My guess is informative. > > > > > eric > > On Mon, May 12, 2014 at 1:10 PM, Adrian Farrel <adrian@olddog.co.uk> wrote: > > Hi Vincent, > > > > > > > > Good points, but s/6378/6941/ > > > > > > > > Adrian > > > > > > > > From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Vincent Roca > > Sent: 12 May 2014 18:03 > > To: IESG; draft-ietf-mpls-psc-updates@tools.ietf.org; secdir@ietf.org > > Cc: Vincent Roca > > Subject: Secdir review of draft-ietf-mpls-psc-updates-05 > > > > > > > > Hello, > > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. These comments were written primarily for the benefit of the > > security area directors. Document editors and WG chairs should treat > > these comments just like any other last call comments. > > > > > > > > IMHO, the document is Almost ready. > > > > > > > > > > > > The author claims this document "raise[s] no new security concerns". > > > > I think the author is right, however I have two comments: > > > > > > > > - it's preferable to mention explicitely that RFC 6378 provides the baseline > > > > security discussion and that it also applies to the present document. > > > > > > > > - Making sure an implementation behaves correctly in front of malformed > > > > messages is typically something that should be mentioned/discussed in the > > > > Security Section. This is the case in section 2.3 "Error handling". > > > > Can an attacker through malformed/unexpected messages (e.g., with fuzzing) > > > > launch a DoS? > > > > I don't suggest to move section 2.3 in the Security Discussion section, > > but > > > > rather to add a sentence in the Security Section explaining that this > > document > > > > in section 2.3 also clarifies how to react in front of > > malformed/unexpected > > > > messages (which is essential from a security point of view). > > > > > > > > Cheers, > > > > > > > > Vincent
- [secdir] Secdir review of draft-ietf-mpls-psc-upd… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-mpls-psc… Adrian Farrel
- Re: [secdir] Secdir review of draft-ietf-mpls-psc… Eric Osborne
- Re: [secdir] Secdir review of draft-ietf-mpls-psc… Adrian Farrel
- Re: [secdir] Secdir review of draft-ietf-mpls-psc… Eric Osborne
- Re: [secdir] Secdir review of draft-ietf-mpls-psc… Kathleen Moriarty