[secdir] Security review of draft-ietf-pce-questions-06

Ben Laurie <benl@google.com> Tue, 01 July 2014 14:45 UTC

To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-pce-questions.all@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/ip4hx1L7FTM5XZRxU0Zg5tckheg

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Status: ready with issues.

The security considerations section makes this claim:

"This informational document does not define any new protocol elements
or mechanism.  As such, it does not introduce any new security
issues."

I agree with the premise, but not the conclusion: just because an RFC
does not introduce new security issues, that does not mean that there
are no security considerations.

Indeed, this RFC discusses many things that have quite serious
security considerations, without mentioning any of them. For example,
section 4 "How Do I Find My PCE?" (the very first question) advocates
a number of potentially completely insecure mechanisms with no mention
of their security properties (or otherwise). This is obviously
pervasive, given the stance taken in the security considerations.

The document does mention that RFC 6952 gives a security analysis for
PCEP, and perhaps this is sufficient but it seems to me that a
document intended to give useful background information to noobs
should include security directly in that information rather than defer
to another giant document (which mixes PCEP info with other
protocols).