[secdir] Secdir review of draft-ietf-ospf-segment-routing-msd-18
Vincent Roca <vincent.roca@inria.fr> Fri, 31 August 2018 10:09 UTC
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FF5E130DCD; Fri, 31 Aug 2018 03:09:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oWlfPQdXLgFR; Fri, 31 Aug 2018 03:09:05 -0700 (PDT)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2F901277BB; Fri, 31 Aug 2018 03:09:04 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.53,311,1531778400"; d="scan'208,217";a="344384483"
Received: from dom38-1-82-236-155-50.fbx.proxad.net (HELO [192.168.1.117]) ([82.236.155.50]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Aug 2018 12:09:02 +0200
From: Vincent Roca <vincent.roca@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_ADA480A0-2575-429B-9827-E4DF6BD8140B"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Message-Id: <C95A5ECD-3FF0-45CC-8115-1994F7C70F74@inria.fr>
Date: Fri, 31 Aug 2018 12:09:01 +0200
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-ospf-segment-routing-msd.all@ietf.org
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gosrr9hzMEzKoCxqsCRhiz-MVwg>
Subject: [secdir] Secdir review of draft-ietf-ospf-segment-routing-msd-18
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2018 10:09:08 -0000
Hello,
I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
Summary: Ready with nits
The Security Considerations section refers to RFC7474 for "Security concerns for OSPF".
However, RFC7474 is limited to OSPFv2, not v3. This should be reflected here as the authors
previously explained that "OSPF means both OSPFv2 and OSPFv3" (Abstract).
I also think that a final "." is missing at the end of:
"Further security analysis for OSPF protocol is done in [RFC6863]"
Although a little bit old (2013), this Informational RFC6863 is a good reference that highlights
security issues and suggests work items to fix/mitigate them. In particular OSPFv3 security that
relies on IPsec raises deployment issues. There are other items. I don't know if the situation
has significantly changed since this RFC.
Then the authors refer to the Security Considerations sections of [RFC7770], [RFC7684] and [RFC8362].
Basically, RFC 7770 says that the Security Considerations "should be described as additional
capabilities are proposed for advertisement" and that's all.
RFC 7684 is limited to OSPFv2, and here also it is explained that:
"OSPFv2 applications utilizing these OSPFv2 extensions must define the security
considerations relating to those applications..."
Then there is a discussion on malformed information/TLV that should be ignored.
Finally, RFC 8362, dedicated to OSPFv3, refers to old RFCs, prior to the above RFC6863 reference.
These three RFCs are good references but they do not provide much insight unlike what the authors
suggest. I understand that: (1) security threats do exist, and (2) implementers should take care of
malformed received packets (e.g, bad TLV). This could be highlighted in this document and references
provided to support it.
Then the second paragraph quickly discusses the consequences of advertising incorrect MSD values.
The sentence is ambiguous. I understand:
"[...]: either in a path computation failing and the service (becoming?) unavailable,
or (in an) instantiation of a path that can't be supported by the head-end ([...])."
Am I correct? Please fix it.
Also I don't understand the definition of head-end (e.g., what does "imposition" mean?). The authors
should either be more explicit and/or refer to an architectural document.
Then, an "incorrect MSD" may refer either to a value that is either smaller or larger than it should.
What are the consequences in each case and how does it relate to the two consequences mentioned in
this paragraph?
Is there something else?
Is there a Denial of Service risk specific to this extension, or is it vulnerable to replay attacks?
I don't think so but it's worth clarifying.
Other comments:
** Intro: there's an mbiguous sentence
"In order for BGP-LS to signal MSD for all the nodes and links in the network MSD is relevant, [...]"
Do you mean "where MSD is relevant" or something else?
Regards,
Vincent
- [secdir] Secdir review of draft-ietf-ospf-segment… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-ospf-seg… Jeff Tantsura