Re: [secdir] Secdir review of draft-ietf-bmwg-issu-meth-01

"MORTON, ALFRED C (AL)" <acmorton@att.com> Wed, 01 July 2015 12:08 UTC

Return-Path: <acmorton@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72301A1BEA; Wed, 1 Jul 2015 05:08:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WfhWiT37q7hQ; Wed, 1 Jul 2015 05:08:10 -0700 (PDT)
Received: from mail-pink.research.att.com (mail-pink.research.att.com [204.178.8.22]) by ietfa.amsl.com (Postfix) with ESMTP id F02B01A1BDB; Wed, 1 Jul 2015 05:08:06 -0700 (PDT)
Received: from mail-blue.research.att.com (unknown [135.207.178.11]) by mail-pink.research.att.com (Postfix) with ESMTP id AB07A1216C2; Wed, 1 Jul 2015 08:30:14 -0400 (EDT)
Received: from exchange.research.att.com (njmtcas1.research.att.com [135.207.255.99]) by mail-blue.research.att.com (Postfix) with ESMTP id 802CCF0478; Wed, 1 Jul 2015 08:08:02 -0400 (EDT)
Received: from NJFPSRVEXG0.research.att.com ([fe80::108a:1006:9f54:fd90]) by njmtcas1.research.att.com ([fe80::f1f7:6c06:d0d0:d48c%10]) with mapi; Wed, 1 Jul 2015 08:08:02 -0400
From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-bmwg-issu-meth.all@ietf.org" <draft-ietf-bmwg-issu-meth.all@ietf.org>
Date: Wed, 1 Jul 2015 08:08:01 -0400
Thread-Topic: Secdir review of draft-ietf-bmwg-issu-meth-01
Thread-Index: AdCznVhNjRYm7y6ZS9SgpDHakbeZ2QAWCOBA
Message-ID: <4AF73AA205019A4C8A1DDD32C034631D0662C6E4BD@NJFPSRVEXG0.research.att.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12ADE7046@SZXEMA502-MBS.china.huawei.com>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12ADE7046@SZXEMA502-MBS.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_4AF73AA205019A4C8A1DDD32C034631D0662C6E4BDNJFPSRVEXG0re_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/n5UcnHqUVwFDEjTQfGtcC5cc4Zk>
Subject: Re: [secdir] Secdir review of draft-ietf-bmwg-issu-meth-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2015 12:08:13 -0000

Hi Frank,
Thanks for your review and comments.

On #1, DoS attacks: since human control is involved here,
it seems unlikely that operators will begin an upgrade
during a DoS attack when they know it's in-progress, IMO.
Others should chime-in if they have other rationale or opinions.

On #4, That's the draft date, not the expiration date.
see below,
Al
doc shepherd

Benchmarking Working Group                                  Sarah Banks
Internet Draft                                           VSS Monitoring
Intended status: Informational                        Fernando Calabria
Expires: November 30, 2015                                Cisco Systems
                                                           Gery Czirjak
                                                          Ramdas Machat
                                                       Juniper Networks
                                                           May 30, 2015

ISSU Benchmarking Methodology
draft-ietf-bmwg-issu-meth-01

From: Xialiang (Frank) [mailto:frank.xialiang@huawei.com]
Sent: Tuesday, June 30, 2015 9:29 PM
To: secdir@ietf.org; iesg@ietf.org; draft-ietf-bmwg-issu-meth.all@ietf.org
Subject: Secdir review of draft-ietf-bmwg-issu-meth-01

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comment.

This draft specifies a set of common methodologies and procedures designed to characterize the overall behavior of a Device Under Test (DUT), subject to an ISSU event.

I have the following comments:

1.       Should the ISSU test methodology include the verification and test when the DUT is under network DDoS attacks?

2.       In the software download stage, in addition to compatibility checks and verification of checksums, we should also explicitly mention that the device should verify the authenticity and integrity of its download. I.e. verify signatures on signed code and OCSP/CRL for the used signature. And that a system must not load unverified code;

3.       even in a test environment all deployed software components must be verified (e.g. using signatures);

4.       Nits: this draft has expired on May-30, 2015

Recommendation:  Ready With Issues

B.R.
Frank