[secdir] SECDIR review of draft-ietf-teas-mpls-tp-rsvpte-ext-associated-lsp-07
Stephen Kent <kent@bbn.com> Fri, 06 March 2015 20:13 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3700E1A7004 for <secdir@ietfa.amsl.com>; Fri, 6 Mar 2015 12:13:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NvABLJeWXbnZ for <secdir@ietfa.amsl.com>; Fri, 6 Mar 2015 12:13:24 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FF801A7002 for <secdir@ietf.org>; Fri, 6 Mar 2015 12:13:24 -0800 (PST)
Received: from ssh.bbn.com ([192.1.122.15]:60553 helo=COMSEC.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1YTycN-0006Dc-4K; Fri, 06 Mar 2015 15:13:07 -0500
Message-ID: <54FA0A51.9080406@bbn.com>
Date: Fri, 06 Mar 2015 15:13:05 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: secdir <secdir@ietf.org>, zhangfei7@huawei.com, jingrq@ctbri.com.cn, rgandhi@cisco.com, lberger@labn.net, db3546@att.com, akatlas@gmail.com, adrian@olddog.co.uk, mhartley@cisco.com
Content-Type: multipart/alternative; boundary="------------090900000005060101020601"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/lLzdRki0cOkb-PF0Q56ejQC-u-w>
Subject: [secdir] SECDIR review of draft-ietf-teas-mpls-tp-rsvpte-ext-associated-lsp-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2015 20:13:31 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.These comments were written with the intent of improving security requirements and considerations in IETF drafts.Comments not addressed in last call may be included in AD reviews during the IESG review.Document editors and WG chairs should treat these comments just like any other last call comments. As far as security is concerned, I see no problems with this document. Tracing back through the list of Security Consideration sections of cited documents in one case leads to a disappointing origin in RFC 2747. The other chain is shorter and more relevant, and it provides greater confidence that this document yields no new security concerns. This document describes extensions to RSVP to enable creating a bidirectional LSP from two p-t-p unidirectional LSPs. The security considerations section consists of just two paragraphs. The first cites the security considerations section of RFC 6780 (RSVP Association Objects) as encompassing any security issues that might arise in this context. (The assertion is that this document introduces no new signaling information, and thus no new security concerns.) The Security Considerations section of 6780 is also two paragraphs in length. That text states that no new security considerations have been introduced, because no new procedures have been defined. Hence it cites theSecurity Considerations sections of RFC 4872 and 4873. RFC 4872 cites RFC 4426 (RFC 4873 cites RFC 4872). The security considerations section of 4426 is almost a full page. It specifies security services that are required to protect the GMPLS recovery mechanisms defined in that document, but does not point to ANY security mechanisms that should be employed. RFC 4872 also establishes a few security-relevant requirements for RSVP signaling, and cites RFC 2747 as specifying the required security mechanisms. (4872 also notes that IPsec could be employed for hop-by-hop integrity and authentication, and cites RFC 3473. I note that 3473 is from 2003, and thus refers to IPsec and IKE RFCs that have been obsoleted!) RFC 2747 specifies crypto authentication mechanisms for RSVP, but dates from 2000. It anticipates that “ … the IETF will define a standard key management protocol” and thus omits specification of such in that document. (A fun walk down memory lane …) The second paragraph of the Security Considerations section of this I-D notes that additional information is conveyed in the REVERSE_LSP object, but that the information is not fundamentally different from what is carried in a bidirectional LSP message. Thus, the argument is that no fundamentally different information is being transmitted. This paragraph cites RFC 5920 (Security Framework for MPLS and GMPLS Networks) as relevant. I agree that 5920 seems to be most appropriate RFC in this context.
- [secdir] SECDIR review of draft-ietf-teas-mpls-tp… Stephen Kent