[secdir] Security review of draft-ietf-idr-rfd-usable-03
Ben Laurie <benl@google.com> Thu, 03 October 2013 11:51 UTC
Return-Path: <benl@google.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3BD021F852A for <secdir@ietfa.amsl.com>; Thu, 3 Oct 2013 04:51:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gdvv1p+pt1t2 for <secdir@ietfa.amsl.com>; Thu, 3 Oct 2013 04:51:17 -0700 (PDT)
Received: from mail-ie0-x230.google.com (mail-ie0-x230.google.com [IPv6:2607:f8b0:4001:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id 01EDF21F8613 for <secdir@ietf.org>; Thu, 3 Oct 2013 04:43:49 -0700 (PDT)
Received: by mail-ie0-f176.google.com with SMTP id as1so4859910iec.7 for <secdir@ietf.org>; Thu, 03 Oct 2013 04:43:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=IM7dIwCTATpPicmyzZim4RjUGZwsVOvqsEYLD9oA8ik=; b=MmbMVwVqMgRSWs0K/+AGkVR3wyn3uOyY7C7WIvGVEZL5+QjN+tcJHiHG2d/pt1m0/y pad8YnVJtYABbRyckg9B7YzAjMqcvDpX9kVQQ+eWsKOzASwA5D+lsKl93BeIE4wB8+EF lMhQNkc+/0vsyI1B3Ja6pq/AyEJE41wHAFIOY4JKjw6WBHDBLbTMz4eYp9/IAywTW4eX s/azICLKnBpLm2Ix/A9UA7jrOtEXCZ0BAPiao5UpOTK86t+aEzeEAOwBQwztDU6Iqsa6 WcoB+SGQtMLzMn2G2ol6nsoPEIW4Pb6MWLh+4TBmdHFNO/lRcyGaUYU5wjbYT/LIjpVs Cy2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=IM7dIwCTATpPicmyzZim4RjUGZwsVOvqsEYLD9oA8ik=; b=ODRulT15yhBwBhxWSKfoQTCEjWUkXouTuzhzUeWnCjVixa8TVX634L+84jEptW3xFL baSAxRLf16CDdi7HuDGdyrqANxZ35VNIdyobi7c1TdigOJlMkEwrV/65w+r3EGyTMiaX FPP/nl006vn0lEOskSOtixo59ppA5RFGYZ1C9lHH7B2wMZkm9QuVDWK5MyUDlpwWRsRA sflNPXpN2uPRTPwWqsjcSOevLnWYDWHdZA6v7fjsl1Aq1JXIUGVTkwMxX6wdQFUF1fc/ rAq+oGYdBWY1MnRT0BCsBembNCrdCZgn2AvLvfzYyHdySLVYDzi6TFDMqY5nvsT87VRY nhsg==
X-Gm-Message-State: ALoCoQnc7XSmXNYNJZlLfxxw7pVQ5b0OadBIekDgfdhR9njAnenide3WwGnTxs8VNQlqCCATQxZGOwCutS3ICpjpuu63xbtelWG5M09tt3yD9Y6BSEbYd3m1kPRNbdaAjbaM+bZIOXrshwBnXbrySaGTiBMQ6dp3o1ejAKI0AdG3GN83kNa/CaAOgDpb06nnMukNHvesyrAT
MIME-Version: 1.0
X-Received: by 10.43.60.139 with SMTP id ws11mr4730654icb.12.1380800629281; Thu, 03 Oct 2013 04:43:49 -0700 (PDT)
Received: by 10.64.31.100 with HTTP; Thu, 3 Oct 2013 04:43:49 -0700 (PDT)
Date: Thu, 03 Oct 2013 12:43:49 +0100
Message-ID: <CABrd9SQ3QppPDLydbb6kxw4PC=BDjKct+oiEThpcTT1YSxkZVw@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-idr-rfd-usable.all@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [secdir] Security review of draft-ietf-idr-rfd-usable-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2013 11:51:17 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: draft is ready. Whilst I accept the authors' assertion that this I-D does not introduce any new security issues, the fact that an attacker can introduce fake flap suggests that the underlying protocols need more robust security mechanisms.