Re: [secdir] secdir review of draft-ietf-tsvwg-admitted-realtime-dscp-05
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 25 November 2008 19:35 UTC
Return-Path: <secdir-bounces@ietf.org>
X-Original-To: secdir-archive@ietf.org
Delivered-To: ietfarch-secdir-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BBC613A6AA7; Tue, 25 Nov 2008 11:35:31 -0800 (PST)
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5B33B3A6902 for <secdir@core3.amsl.com>; Tue, 25 Nov 2008 11:35:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bERV1X2YU6cl for <secdir@core3.amsl.com>; Tue, 25 Nov 2008 11:35:29 -0800 (PST)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id 261103A6C2F for <secdir@ietf.org>; Tue, 25 Nov 2008 11:35:29 -0800 (PST)
Received: from [172.16.2.190] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <SSxTewBa-08t@rufus.isode.com>; Tue, 25 Nov 2008 19:35:25 +0000
Message-ID: <492C534E.5030300@isode.com>
Date: Tue, 25 Nov 2008 19:34:38 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Fred Baker <fred@cisco.com>
References: <49279C4F.10909@isode.com> <D1920614-5B00-444E-9F75-70031D0706BB@cisco.com>
In-Reply-To: <D1920614-5B00-444E-9F75-70031D0706BB@cisco.com>
MIME-Version: 1.0
Cc: draft-ietf-tsvwg-admitted-realtime-dscp@tools.ietf.org, tsvwg-chairs@tools.ietf.org, iesg@iesg.org, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-tsvwg-admitted-realtime-dscp-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: secdir-bounces@ietf.org
Errors-To: secdir-bounces@ietf.org
Hi Fred, Fred Baker wrote: > On Nov 21, 2008, at 11:44 PM, Alexey Melnikov wrote: > >> I found the Security Consideration section to be insufficiently >> detailed >> about threats. While the list of threats seems to be adequate, >> it would be useful to have some pointers to documents describing >> possible >> remedies (for example how to achieve adequately strong proof of >> identity), >> or a clear statement that the protocol doesn't provide such facility. > > Would a reference to 4542 be sufficient? It looks like a reference to section 2.4 of RFC 4542 would be helpful. > My sense is that the threat model on a AAA service is likely to be > documented in something related to AAA services, and frankly you are > more likely to have a pointer to the document than I. Similarly, the > threat model regarding people getting capacity allocated to them that > shouldn't have been seems implicit in RFC 1633, the documentation of > RSVP, and the documentation of NSIS - protocols designed explicitly > to prevent that from happening. There is of course a threat model > for implementing such a protocol as well, which is mentioned in RFC > 4230. I think a reference to RFC 4230 would be helpful as well. > if I'm missing something and you want more, some idea of what kind of > threat model you are looking for would be helpful. I was reading your Security Considerations: A major requirement of this service is effective use of a signaling protocol such as RSVP, with the capabilities to identify its user either as an individual or as a member of some corporate entity, and assert a policy such as "routine" or "priority". This capability, one has to believe, will be abused by script kiddies and others if the proof of identity is not adequately strong My question after reading this part was "how one can make make proof of identity sufficiently strong?". So some pointers helping a reader to find this information would be useful here. or if policies are written or implemented improperly by the carriers. This goes without saying, but this section is here for it to be said... _______________________________________________ secdir mailing list secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir
- [secdir] secdir review of draft-ietf-tsvwg-admitt… Alexey Melnikov
- Re: [secdir] secdir review of draft-ietf-tsvwg-ad… Fred Baker
- Re: [secdir] secdir review of draft-ietf-tsvwg-ad… Alexey Melnikov