[secdir] security review of draft-ietf-pwe3-pw-typed-wc-fec-03.txt
"Hilarie Orman" <ho@alum.mit.edu> Mon, 12 March 2012 20:14 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2255321F8999; Mon, 12 Mar 2012 13:14:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BL0ihzXqavxG; Mon, 12 Mar 2012 13:13:59 -0700 (PDT)
Received: from out01.mta.xmission.com (out01.mta.xmission.com [166.70.13.231]) by ietfa.amsl.com (Postfix) with ESMTP id 5B12E21F8984; Mon, 12 Mar 2012 13:13:51 -0700 (PDT)
Received: from mx01.mta.xmission.com ([166.70.13.211]) by out01.mta.xmission.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <hilarie@purplestreak.com>) id 1S7Bct-0001tP-1w; Mon, 12 Mar 2012 14:13:51 -0600
Received: from 166-70-57-249.ip.xmission.com ([166.70.57.249] helo=sylvester.rhmr.com) by mx01.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1S7Bcp-0007eK-FL; Mon, 12 Mar 2012 14:13:50 -0600
Received: from sylvester.rhmr.com (localhost [127.0.0.1]) by sylvester.rhmr.com (8.14.4/8.14.3/Debian-9.1ubuntu1) with ESMTP id q2CKDOgq005119; Mon, 12 Mar 2012 14:13:24 -0600
Received: (from hilarie@localhost) by sylvester.rhmr.com (8.14.4/8.14.4/Submit) id q2CKDOe9005117; Mon, 12 Mar 2012 14:13:24 -0600
Date: Mon, 12 Mar 2012 14:13:24 -0600
Message-Id: <201203122013.q2CKDOe9005117@sylvester.rhmr.com>
From: Hilarie Orman <ho@alum.mit.edu>
To: secdir@ietf.org, iesg@ietf.org
X-XM-SPF: eid=; ; ; mid=; ; ; hst=mx01.mta.xmission.com; ; ; ip=166.70.57.249; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-DomainKey: sender_domain=alum.mit.edu; ; ; sender=ho@alum.mit.edu; ; ; status=error
X-SA-Exim-Connect-IP: 166.70.57.249
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa05 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: **;secdir@ietf.org, iesg@ietf.org
X-Spam-Relay-Country:
X-SA-Exim-Version: 4.2.1 (built Fri, 06 Aug 2010 16:31:04 -0600)
X-SA-Exim-Scanned: Yes (on mx01.mta.xmission.com)
Subject: [secdir] security review of draft-ietf-pwe3-pw-typed-wc-fec-03.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Hilarie Orman <ho@alum.mit.edu>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 20:14:00 -0000
Security review of draft-ietf-pwe3-pw-typed-wc-fec-03.txt Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The abstract: The "Typed Wildcard Forwarding Equivalence Class (FEC) Element" defines an extension to the Label Distribution Protocol (LDP) that can be used when it is desired to request or withdraw or release all label bindings for a given FEC Element type. However, a typed wildcard FEC element must be individually defined for each FEC element type. This specification defines the typed wildcard FEC elements for the PWid (0x80) and Generalized PWid (0x81) FEC element types. In doing an SR for a WC semantic one has to be mindful of the overall ops SC. The TM might be insider MW or external DDoS. In this case, the chances for semantic ambiguity and resulting misconfiguration could be significant, or not. Users should invest in an RA before accepting these types. The sec5's of all predecessor documents have sufficient handwaving to cover the basic ideas of this draft. See my earlier review of draft-ietf-pwe3-segmented-pw-13.txt. Hilarie
- [secdir] security review of draft-ietf-pwe3-pw-ty… Hilarie Orman