Re: [secdir] Security review of draft-ietf-mpls-tp-psc-itu-02.txt

"Ryoo, Jeong-dong" <ryoo@etri.re.kr> Mon, 24 February 2014 04:35 UTC

Return-Path: <ryoo@etri.re.kr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 720911A02D6; Sun, 23 Feb 2014 20:35:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.747
X-Spam-Level:
X-Spam-Status: No, score=-99.747 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r-6Xzg2DXoDD; Sun, 23 Feb 2014 20:35:13 -0800 (PST)
Received: from smtpeg.etri.re.kr (smtpeg1.etri.re.kr [129.254.27.141]) by ietfa.amsl.com (Postfix) with ESMTP id 43B2C1A02D3; Sun, 23 Feb 2014 20:35:13 -0800 (PST)
Received: from SMTP1.etri.info (129.254.28.71) by SMTPEG1.etri.info (129.254.27.141) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 24 Feb 2014 13:35:11 +0900
Received: from SMTP2.etri.info ([169.254.2.161]) by SMTP1.etri.info ([10.2.6.30]) with mapi id 14.01.0355.002; Mon, 24 Feb 2014 13:35:09 +0900
From: "Ryoo, Jeong-dong" <ryoo@etri.re.kr>
To: Hilarie Orman <ho@alum.mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Security review of draft-ietf-mpls-tp-psc-itu-02.txt
Thread-Index: AQHPMPhmcEPEmfgwVU+f2hJoAKx3MZrDz+c+
Date: Mon, 24 Feb 2014 04:35:08 +0000
Message-ID: <5B4A6CBE3924BB41A3BEE462A8E0B75A286BA563@SMTP2.etri.info>
References: <201402240035.s1O0ZRJl014980@sylvester.rhmr.com>
In-Reply-To: <201402240035.s1O0ZRJl014980@sylvester.rhmr.com>
Accept-Language: ko-KR, en-US
Content-Language: ko-KR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-new-displayname: UnlvbywgSmVvbmctZG9uZw==
x-originating-ip: [129.254.28.46]
Content-Type: multipart/alternative; boundary="_000_5B4A6CBE3924BB41A3BEE462A8E0B75A286BA563SMTP2etriinfo_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/iRIrbGQDKOlAXsB6FL1t8o0giBo
X-Mailman-Approved-At: Mon, 24 Feb 2014 06:14:21 -0800
Cc: "draft-ietf-mpls-tp-psc-itu@tools.ietf.org" <draft-ietf-mpls-tp-psc-itu@tools.ietf.org>
Subject: Re: [secdir] Security review of draft-ietf-mpls-tp-psc-itu-02.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 04:35:16 -0000

Dear Hilarie,

Thanks for your comment.

I am not sure about what text has actually to be put in the Section 13 to reflect your suggestion.
Do you have any text in mind?

Best regards,

Jeong-dong



________________________________
From : "Hilarie Orman" <ho@alum.mit.edu>
Sent : 2014-02-24 09:36:04 ( +09:00 )
To : iesg@ietf.org <iesg@ietf.org>, secdir@ietf.org <secdir@ietf.org>
Cc : draft-ietf-mpls-tp-psc-itu@tools.ietf.org <draft-ietf-mpls-tp-psc-itu@tools.ietf.org>
Subject : Security review of draft-ietf-mpls-tp-psc-itu-02.txt

Security review of draft-ietf-mpls-tp-psc-itu-02.txt
MPLS Transport Profile (MPLS-TP) Linear Protection to Match the
Operational Expectations of SDH, OTN and Ethernet Transport Network
Operators

Do not be alarmed. I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily
for the benefit of the security area directors. Document editors and
WG chairs should treat these comments just like any other last call
comments.

The abstract for this document states:
This document describes alternate mechanisms to perform some of the
sub-functions of MPLS Transport Profile (MPLS-TP) linear protection
defined in RFC 6378, and also defines additional mechanisms. The
purpose of these alternate and additional mechanisms is to provide
operator control and experience that more closely models the behavior
of linear protection seen in other transport networks.

The security considerations are the timeworn statement that

No specific security issue is raised in addition to those ones
already documented in RFC 6378 [RFC6378]

In RFC 6378 we find:
MPLS networks make the assumption that it is very hard to inject
traffic into a network and equally hard to cause traffic to be
directed outside the network. The control-plane protocols utilize
hop-by-hop security and assume a "chain-of-trust" model such that
end-to-end control-plane security is not used. For more
information on the generic aspects of MPLS security, see [RFC5920].

To my great astonishment I found that "RFC5920 Security Framework for
MPLS and GMPLS Networks" is an excellent document, and it is my
suggestion that the current draft reference it directly in section 13
"Security Considerations".

Barring any surprises in the extensive state diagrams, I otherwise am
inclined to accept the "no new issues" handwave.

Hilarie