[secdir] SECDIR review of draft-ietf-lisp-pubsub-06

Chris Lonvick <lonvick.ietf@gmail.com> Thu, 01 October 2020 12:34 UTC

To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-lisp-pubsub.all@ietf.org
From: Chris Lonvick <lonvick.ietf@gmail.com>
Message-ID: <cee3ecb4-af25-289a-5a18-862142574f87@gmail.com>
Date: Thu, 01 Oct 2020 07:34:43 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/fXnbB89cexxqFqTEmaqVHV1wlgw>

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

This is an "Early Review Request" so I'm going to mark the draft as 
READY WITH NITS.

It appears that there's a raft of drafts of LISP documents progressing 
together through the WG that cross-reference each other in that they all 
provide foundation and support for their collective features. (I'll 
admit that I haven't been keeping up.) So if my nits have been addressed 
in another document, that just means that I didn't dig far or deep 
enough so please consider giving a pointer in the Security 
Considerations of this document so others won't similarly be left adrift.

In this document, and the associated others that I peered into, the term 
"nonce" seems to be used more as a "token" than, well, what I consider 
to be a nonce. In one case it may be a random value, but in several 
others the value is stored, compared, and reused. This is inconsistent 
with the IETF's Security Glossary RFC 4949.

Also, there is a reference to increasing the nonce for a particular use. 
However, I saw no discussion of what to do when the value exceeds the 
field space.

Other than that, the document appears to be well written and well 
thought out.

Best regards,

Chris
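
The two points raised above (a value that is "stored, compared, and reused" is a token rather than an RFC 4949 nonce, and an incremented field eventually runs out of space) as an added illustration that is not part of the review or of the LISP drafts. The field width of 64 bits, the class and function names, and the restart-on-exhaustion policy are assumptions made for this example only.

```python
"""
Two things the word "nonce" can mean in a protocol spec, side by side:
  1. a true nonce (RFC 4949 sense): fresh, unpredictable, used once;
  2. a stored token that is remembered, compared and reused/incremented.
The 64-bit field width is an assumption for this example, not a value
taken from the draft under review.
"""
import secrets
from typing import Optional, Set, Tuple

NONCE_BITS = 64                      # assumed field width
NONCE_MAX = (1 << NONCE_BITS) - 1


class NonceReplay(Exception):
    """A single-use nonce was presented a second time."""


class NonceOverflow(Exception):
    """Incrementing the stored token would exceed the field width."""


def fresh_nonce(bits: int = NONCE_BITS) -> int:
    """Random nonce; each call is independent of every previous one."""
    return secrets.randbits(bits)


class SingleUseNonces:
    """Responder-side check for a true nonce: accept each value at most once."""

    def __init__(self) -> None:
        self._seen: Set[int] = set()

    def accept(self, nonce: int) -> None:
        if nonce in self._seen:
            raise NonceReplay("nonce %#x already used" % nonce)
        self._seen.add(nonce)


class StoredToken:
    """Sender-side state for a counter-style token that is kept and reused.

    next() refuses to wrap silently: once the field is exhausted the caller
    must start a new sequence, so a peer that compares stored values never
    sees the counter restart from 0 behind a value it still holds.
    """

    def __init__(self, initial: Optional[int] = None,
                 bits: int = NONCE_BITS) -> None:
        self.bits = bits
        self.max = (1 << bits) - 1
        self.value = secrets.randbits(bits) if initial is None else initial
        if not 0 <= self.value <= self.max:
            raise ValueError("initial token does not fit the field")

    def matches(self, received: int) -> bool:
        """The 'store and compare' usage the review describes."""
        return received == self.value

    def next(self) -> int:
        """Increment; raise instead of wrapping past the field width."""
        if self.value == self.max:
            raise NonceOverflow("%d-bit token field exhausted" % self.bits)
        self.value += 1
        return self.value

    def next_or_restart(self) -> Tuple[int, bool]:
        """Increment; on exhaustion restart from a fresh random value
        (assumed policy). Returns (token, restarted)."""
        try:
            return self.next(), False
        except NonceOverflow:
            self.value = secrets.randbits(self.bits)
            return self.value, True


if __name__ == "__main__":
    # A true nonce is rejected on its second use.
    checker = SingleUseNonces()
    n = fresh_nonce()
    checker.accept(n)
    try:
        checker.accept(n)
    except NonceReplay as exc:
        print("replay detected:", exc)

    # A counter token near the top of the field refuses to wrap.
    tok = StoredToken(initial=NONCE_MAX - 1)
    print("last valid token:", hex(tok.next()))
    value, restarted = tok.next_or_restart()
    print("restarted with fresh value:", restarted, hex(value))
```

The point of the split is that the two kinds of value need different receiver logic: a true nonce is checked against a "seen" set and never compared for equality with a remembered value, while a token is exactly the thing a peer stores and compares. Whichever the draft means, the increment path has to say what happens at the top of the field; the example's `next_or_restart` shows one possible answer, not the draft's.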