Re: [secdir] Secdir review of draft-ietf-spring-oam-usecase-06

Carlos Pignataro <cpignata@cisco.com> Sat, 01 July 2017 20:34 UTC

From: Carlos Pignataro <cpignata@cisco.com>
In-Reply-To: <000a01d2f1a2$473494f0$d59dbed0$@nict.go.jp>
Date: Sat, 01 Jul 2017 16:34:07 -0400
Cc: draft-ietf-spring-oam-usecase.all@ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
Message-Id: <16E8E139-A11A-48CA-B126-ABAC18682242@cisco.com>
References: <000a01d2f1a2$473494f0$d59dbed0$@nict.go.jp>
To: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gV1oa_6mvzttXerCGeGnwSb905I>
Subject: Re: [secdir] Secdir review of draft-ietf-spring-oam-usecase-06

Dear Take,

Many thanks for your review!

Agreed, elaboration was missing on the issues you list. Please note we significantly revamped the security considerations section in response to your as well as Alvaro’s review comments. Please check the forthcoming revision.

Best,

— Carlos.

> On Jun 30, 2017, at 9:10 AM, Takeshi Takahashi <takeshi_takahashi@nict.go.jp> wrote:
> 
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area directors.
> Document editors and WG chairs should treat these comments just like any other last call comments.
>  
> [General summary]
> This document has small nits.
>  
> [Clarification Questions]
> In the "Security Considerations" section, the draft says that "some fundamental MPLS security properties need to be discussed."
> It would be nicer if you could elaborate more details of the "properties" in the section or put some reference that describes the details.
>  
> The "Security Considerations" section in RFC 4379 says, "Overall, the security needs for LSP ping are similar to those of ICMP" and elaborates issues such as DoS attack and spoofing.
> Is the proposed MPLS monitoring system free from these issues?
> Since this draft discusses the path monitoring system in comparison with RFC 4379 from time to time, it would be nice if these security issues are also addressed. (Indeed, I could not find the term "denial" in this document at all.)
>  
> Thank you.
> Take

—
Carlos Pignataro, carlos@cisco.com

“Sometimes I use big words that I do not fully understand, to make myself sound more photosynthesis.”