[secdir] review of draft-ietf-spring-problem-statement-06

"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Mon, 04 January 2016 13:25 UTC

Return-Path: <kwiereng@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 2743F1A88B2; Mon, 4 Jan 2016 05:25:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id bjsskQCwnTfa; Mon, 4 Jan 2016 05:25:24 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3C831A88B1; Mon, 4 Jan 2016 05:25:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2424; q=dns/txt; s=iport; t=1451913924; x=1453123524; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=xGLiWQlTsAKZ/JUsv80fwK3q2I40G6DeZ7AMbOSSiJ4=; b=MbbVQqw+7cSIt+qSOE53b6yqiVc+GvBC98fwmE4d7s7q9YZM4Sxk/2ow 43M0c5tGQb7oyA6JvT8K/jBVvW09rvfNmH82EUfF3pUeVRILEAd/j7G/M ZCdhxDYliMrXR5VIhU1/VLSpFn+9nMKCZa5omUIs76GrSJ4uH1K9oZDVv A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D9AQAEcopW/5hdJa1egzqBRYhTs3UBD?= =?us-ascii?q?YFkhi19OBQBAQEBAQEBgQqEOyMRVwEaCAImAgQwFQIQBAGIQa9EkRkBAQEBAQE?= =?us-ascii?q?BAwEBAQEBAR2BAYVVgg8IgmiHcy6BGwWXBgGIMIUggVyERohZjjkBIAEBQoQKh?= =?us-ascii?q?HqBCAEBAQ?=
X-IronPort-AV: E=Sophos;i="5.20,520,1444694400"; d="scan'208";a="223873651"
Received: from rcdn-core-1.cisco.com ([]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Jan 2016 13:25:23 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com []) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u04DPNTk014858 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 4 Jan 2016 13:25:23 GMT
Received: from xch-aln-004.cisco.com ( by XCH-RCD-001.cisco.com ( with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 4 Jan 2016 07:25:22 -0600
Received: from xch-aln-004.cisco.com ([]) by XCH-ALN-004.cisco.com ([]) with mapi id 15.00.1104.009; Mon, 4 Jan 2016 07:25:23 -0600
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-spring-problem-statement.all@tools.ietf.org" <draft-ietf-spring-problem-statement.all@tools.ietf.org>
Thread-Topic: review of draft-ietf-spring-problem-statement-06
Thread-Index: AQHRRvNdX54wnez3UU6k7dgZ7LgM5g==
Date: Mon, 4 Jan 2016 13:25:23 +0000
Message-ID: <98C9C83C-68AF-4593-A441-48C6EE7A9DA7@cisco.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <0168C46CBB4ED8439E498AF5B5ED4321@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/lzl9NgIeIBZCMs8vB_FTjuoWUc4>
Subject: [secdir] review of draft-ietf-spring-problem-statement-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2016 13:25:26 -0000


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides a problem statement for source based unicast routing architecture. The document examines a number of typical use cases in order to come up with the requirements for the target architecture.

I believe the document is clear and well-written and ready for publication, with one small nit, see below.

The Security Considerations section is a little bit light, but in line with the rest of the document, so I believe sufficient, provided that a more detailed analysis is done in forthcoming documents. I have one small nit, in the document it says:

There is an assumed trust model such that the source imposing an
   explicit route on a packet is assumed to be allowed to do so.  It is
   assumed that the default behavior is to strip any internal routing
   information from the packet before the packet is forwarded outside
   the domain.  In such context trust boundaries SHOULD strip explicit
   routes from a packet.

It is unclear to me whether the idea is that if that *only internal* info is stripped, or *all*, i.e. if the provided route is {internal host 1, internal host 2, internal host 3, external host 1, external host 2}, is the idea that at egress the whole specific route is tripped or that what remains is {external host 1, external host 2), with leaving up to the transit or destination network to apply “stripping policy” on the remainder. Please clarify.