[secdir] Security review of draft-ietf-tsvwg-behave-requirements-update-06

Ben Laurie <benl@google.com> Mon, 15 February 2016 12:37 UTC

Date: Mon, 15 Feb 2016 12:37:52 +0000
Message-ID: <CABrd9SRpKZhxufKAFd331r6t9DAHS7XPVKerUoUeHKZPJqh3JA@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-tsvwg-behave-requirements-update-all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/h8o97ggGvWpar0pxVfKN01ADVNw>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: ready with issues

This document updates the behavioural requirements for NAT, and as noted in
the very comprehensive (thank you!) security considerations section,
introduces at least two requirements that might have security consequences.

The ADs should probably consider whether these new requirements are worth
the additional risk.

Also, "Hosts which require a restricted filtering behavior should enable
security-dedicated features (e.g., access control list (ACL)) either
locally or by soliciting a dedicated security device (e.g., firewall)." is
concerning - how will hosts know that they need to update their policies?

"security-dedicated features" is not very informative - it would be helpful
to explain what new behaviour may need to be counteracted. Looking at
sections 5 and 6, to which this text refers, they appear to make NAT more
restrictive, not less, so it's unclear why there might be security impact.

BTW, small typo: "only if packets are to be sen to distinct
destination addresses."
sen -> sent