[secdir] review of draft-ietf-mpls-smp-requirements-06

Chris Inacio <inacio@cert.org> Mon, 23 June 2014 13:59 UTC

Return-Path: <inacio@cert.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 85EA01B2B06; Mon, 23 Jun 2014 06:59:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.601
X-Spam-Status: No, score=-1.601 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id W7ox9bnuNoRS; Mon, 23 Jun 2014 06:59:18 -0700 (PDT)
Received: from plainfield.sei.cmu.edu (plainfield.sei.cmu.edu []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6F851B2962; Mon, 23 Jun 2014 06:59:15 -0700 (PDT)
Received: from pawpaw.sei.cmu.edu (pawpaw.sei.cmu.edu []) by plainfield.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id s5NDxEhi027089; Mon, 23 Jun 2014 09:59:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1403531954; bh=qx11UOxN0kpyIplih31gK9R2/8UcHH9Nj7fJuEBiaAY=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:Content-ID: Content-Transfer-Encoding:MIME-Version:Sender:Reply-To:In-Reply-To: References; b=LXFjmNo24P0VHvdlopyjdfUWsK593zOPr9CYFqwXyiuyzZvfojlnHDj7jSkqkOLed Bgc21LwlZkRpy0hqiJDwN1ZsP1OlJyH/n1HBzyl4xQXdSYTE6ZTLkgwGVvjmepCwN5 3ekgnwmGs3hwA03KSDgz6og6iF2sv86H5Bt0+P6k=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu []) by pawpaw.sei.cmu.edu (8.14.4/8.14.4/1456) with ESMTP id s5NDxJWP032766; Mon, 23 Jun 2014 09:59:19 -0400
Received: from MARATHON.ad.sei.cmu.edu ([]) by CASCADE.ad.sei.cmu.edu ([]) with mapi id 14.02.0347.000; Mon, 23 Jun 2014 09:59:10 -0400
From: Chris Inacio <inacio@cert.org>
To: "<secdir@ietf.org>" <secdir@ietf.org>
Thread-Topic: review of draft-ietf-mpls-smp-requirements-06
Thread-Index: AQHPjutOvsydJA6Q1kiOlx9WmLKIAw==
Date: Mon, 23 Jun 2014 13:59:09 +0000
Message-ID: <4B67B93E-4E34-4A62-9B07-B0E3F1DCEDDA@cert.org>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <DEE3D0D35CC58047BB297EA2DD18526F@sei.cmu.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/oW41CaYW1rv5HXPmYseIey3wYsg
Cc: "draft-ietf-mpls-smp-requirements-06.all@tools.ietf.org" <draft-ietf-mpls-smp-requirements-06.all@tools.ietf.org>, "<iesg@ietf.org> IESG" <iesg@ietf.org>
Subject: [secdir] review of draft-ietf-mpls-smp-requirements-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jun 2014 13:59:20 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Firstly, this document is a requirements document, and therefore doesn’t necessarily have a large need for security considerations, the resulting protocols can bear the burden.  Although I wouldn’t complain if the authors had put more into the security considerations in the requirements – like acknowledging the exhaustion of resources related to preemption, especially by a malicious actor.  Or a malicious actor attempting to cause a alternate path to force traffic by a sensor/device.

The security considerations section references the security considerations to 2 other RFCs, which in turn references multiple other RFCs which reference multiple standards.  My depth limit of reviewing the security considerations sections stopped at 1-level of reference.  It is assumed that the related RFCs have also gone through security review previous and that review is sufficient in this case.

Editorial NITS:

Section 4.1, last paragraph:
the commitment of the shared
   resources are be coordinated between the different working paths in
   the SMP network.

should be:

shared resources are to be coordinated

Section 5.5:

Referring the “former" and “later”, each with a complex combination of events and times is a bit difficult to read, even though the sentences are completely correctly structured.  It might be worth being a little more verbose to simplify the reading. I say this as a native english speaker.  I wouldn’t want to read that if English was my second language.

Chris Inacio