[secdir] secdir review of draft-ietf-mpls-ldp-p2mp-14
Tom Yu <tlyu@MIT.EDU> Mon, 04 July 2011 07:46 UTC
Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7848621F84D1; Mon, 4 Jul 2011 00:46:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jegZy7YVupP0; Mon, 4 Jul 2011 00:46:09 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (DMZ-MAILSEC-SCANNER-1.MIT.EDU [18.9.25.12]) by ietfa.amsl.com (Postfix) with ESMTP id C01D521F84CF; Mon, 4 Jul 2011 00:46:08 -0700 (PDT)
X-AuditID: 1209190c-b7c65ae00000117c-d3-4e116fc9961a
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id C8.86.04476.9CF611E4; Mon, 4 Jul 2011 03:46:17 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id p647k6BJ024061; Mon, 4 Jul 2011 03:46:08 -0400
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id p647k4Pd026841 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 4 Jul 2011 03:46:05 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id p647k3I6017210; Mon, 4 Jul 2011 03:46:03 -0400 (EDT)
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-mpls-ldp-p2mp.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 04 Jul 2011 03:46:03 -0400
Message-ID: <ldv8vsesd38.fsf@cathode-dark-space.mit.edu>
Lines: 32
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDIsWRmVeSWpSXmKPExsUixG6nrnsyX9DPYP8mNovNS/IsZvyZyGzx YeFDFgdmjyVLfjJ5fLn8mS2AKYrLJiU1J7MstUjfLoEr48uFZ8wFHTwVt5+eYWpg/MfZxcjJ ISFgIjH5xz8mCFtM4sK99WxdjFwcQgL7GCVWXVjLAuGsZ5TY0DKJGcK5zCRxs62REcLpZJQ4 /6+JDaRfRCBCYuH+Y2C2sICpxLYva4CKODjYBKQlji4uAwmzCKhKTFo6kQkkzCtgIfGoyxkk zCPAKXF61mcWEJtXQFDi5MwnYDazgJbEjX8vmSYw8s1CkpqFJLWAkWkVo2xKbpVubmJmTnFq sm5xcmJeXmqRrqFebmaJXmpK6SZGUKBxSvLsYHxzUOkQowAHoxIPL+MkAT8h1sSy4srcQ4yS HExKorzn8wT9hPiS8lMqMxKLM+KLSnNSiw8xSnAwK4nwMngC5XhTEiurUovyYVLSHCxK4rzl 3v99hQTSE0tSs1NTC1KLYLIyHBxKErzCwIgSEixKTU+tSMvMKUFIM3FwggznARoeCLKYt7gg Mbc4Mx0if4pRUUqcVxakWQAkkVGaB9cLSwSvGMWBXhHm5Qep4gEmEbjuV0CDmYAGWyWCDS5J REhJNTDWclQ+vaEru7ZIxmmW1PIyVQ+up8ptxw/1M8Y21u+fd+iCwMXjZmy5J/Ka3N48y03+ drru28bMxPzAots7XI9q1Ude5pg1reVR7Y7s8LTUtX9U7FnSRESTE00MZbaHKMwTNc2Y+eXm zsyAG0tWXlxyT37SyW/vTa8fKN8Ud6shW+bS22L3Q25KLMUZiYZazEXFiQB4mg933wIAAA==
Subject: [secdir] secdir review of draft-ietf-mpls-ldp-p2mp-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 07:46:09 -0000
This document extends the Label Distribution Protocol to support the operation of Point-to-Multipoint and Multipoint-to-Multipoint Label-Switched Paths. The Security Considerations section states that the same security considerations in RFC 5036 apply. It also states that authorization mechanisms for controlling which LSRs join a given MP LSP are out of scope for this document. These seem reasonable to me. The protocol appears to be initiated by the receivers (egress nodes), which could make the design of authorization mechanisms challenging. The following comments are not directly security-related: Section 2.4.1.1 (Determining one's 'upstream LSR') recommends using an operation based on CRC32 for selecting among candidate upstream LSRs. How important is it for the selection to be uniformly distributed? CRC32 is known to have poor avalanche properties that might make it unsuitable as a hash function, even for non-cryptographic purposes. Also, there is often ambiguity when specifying the use of CRC32, even if the particular generator polynomial (e.g., the ISO/IEC 3309 32-bit FCS as specified in this document) is specified. Some common implementations omit the ones-preload and/or post-complement. The input bit ordering also needs to be specified when using CRC32 with a byte-oriented protocol. (as does the translation of the CRC remainder bit vector into an integer to perform modulo operations when used as a hash function) Editorial: * There is no normative reference for CRC32.