[secdir] Secdir review of draft-ietf-pwe3-cam-msg-map-14.txt

Charlie Kaufman <charliek@microsoft.com> Fri, 07 January 2011 05:07 UTC

Return-Path: <charliek@microsoft.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id AEAB23A63C9; Thu, 6 Jan 2011 21:07:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id w03HGsAbX1lo; Thu, 6 Jan 2011 21:06:59 -0800 (PST)
Received: from smtp.microsoft.com (mail3.microsoft.com []) by core3.amsl.com (Postfix) with ESMTP id 700423A635F; Thu, 6 Jan 2011 21:06:59 -0800 (PST)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com ( by TK5-EXGWY-E803.partners.extranet.microsoft.com ( with Microsoft SMTP Server (TLS) id; Thu, 6 Jan 2011 21:09:05 -0800
Received: from TK5EX14MBXC115.redmond.corp.microsoft.com ([]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([]) with mapi id 14.01.0255.003; Thu, 6 Jan 2011 21:09:05 -0800
From: Charlie Kaufman <charliek@microsoft.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-pwe3-cam-msg-map.all@tools.ietf.org" <draft-ietf-pwe3-cam-msg-map.all@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-pwe3-cam-msg-map-14.txt
Thread-Index: AcuuJEBicqVIAvhRTp6H828slDO0Ig==
Date: Fri, 7 Jan 2011 05:09:05 +0000
Message-ID: <D80EDFF2AD83E648BD1164257B9B09122C2F14BF@TK5EX14MBXC115.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_D80EDFF2AD83E648BD1164257B9B09122C2F14BFTK5EX14MBXC115r_"
MIME-Version: 1.0
Subject: [secdir] Secdir review of draft-ietf-pwe3-cam-msg-map-14.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2011 05:07:04 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document specifies a standardized way of translating error notification codes between several different protocols. The need comes up in the context of using Pseudowire (PW) protocol to replace a physical link in a network. Pseudowires replace physical wires imperfectly in that they can have more complex failure modes. These can interact in complex ways with the failure modes of the protocols running over the pseudowires.

There are no real security considerations in the code mappings. This document references the security considerations sections of other RFCs where the translated error codes are handled. This seems appropriate.

The only thing that came to my mind that relates to security that was not discussed was emergent errors, where the pseudowire could introduce an error not detectable at its endpoints that could nevertheless cause problems at a higher layer. Examples would be a pseudowire that duplicated, selectively lost, or reordered packets. There are also interesting problems to be had where the pseudowire capacity is variable and its carrying capacity falls below the higher layer protocol's ability to use it. An example would be a link between two routers that should be declared down when it gets slow enough so that higher layers will find better routes. Even so, any such discussion would belong in a different document.

I'd like to express my great appreciation for Section 4.1, which expands almost all of the acronyms used in the document. It made it possible for me - with almost no previous knowledge of the subject matter - to read and mostly understand most of the document. I wish such a thing could be made mandatory for all RFCs.