From: "Christian Huitema" <huitema@huitema.net>
To: "'Yoav Nir'" <ynir.ietf@gmail.com>, "'secdir'" <secdir@ietf.org>,
 "'The IESG'" <iesg@ietf.org>, <draft-ietf-pcp-anycast.all@tools.ietf.org>
References: <06A85300-7DD9-4AC4-A5F5-EE9FE77F7466@gmail.com>
In-Reply-To: <06A85300-7DD9-4AC4-A5F5-EE9FE77F7466@gmail.com>
Date: Tue, 9 Jun 2015 14:33:30 -0700
Message-ID: <001801d0a2fb$ef31e560$cd95b020$@huitema.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/rq6z8yfpmqMVOkfSVGODOc9XIug>
Subject: Re: [secdir] SecDir Review of draft-ietf-pcp-anycast-06

> There are two specific concerns about this method (other than the usual
> anycast or pcp concerns). The first is that information about the internal
> network might leak to a PCP service outside the network.

In fact, it is almost guaranteed to leak outside of the network. In the
initial deployments, first hop routers will not be aware of the anycast
address...

> ... Whereas a failure of a service whose address is given in DHCP will
> result in black-holed packets, failure of a service with an anycast address
> will cause the packets to be forwarded to some random PCP server on the
> Internet. Section 5.1 discusses this and recommends filtering in perimeter
> gateways and reduced TTL. I believe this addresses that threat adequately.

I would find the TTL mitigation more convincing if the draft actually
specified a recommended TTL value.

-- Christian Huitema
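
To make the leak and the two mitigations discussed above concrete, the
following is an added example (written for this archive page; it is not
code from the draft, from the reviewer or from the author of the reply,
and it builds no real PCP messages). It simulates hop-by-hop forwarding
of a PCP request sent to the anycast address through a constructed
four-node topology: a first-hop router that is not anycast-aware, a
perimeter gateway that may host the local PCP server and may carry the
section 5.1 filter, an ISP router, and "some random PCP server on the
Internet". Node names, hop counts and the TTL range are all assumptions
of the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass
class Node:
    """One forwarding hop. The whole topology is constructed for this example."""
    name: str
    inside: bool                      # inside the site's administrative perimeter?
    pcp_server: bool = False          # answers PCP on the anycast address
    filters_anycast: bool = False     # perimeter ACL dropping PCP-anycast traffic
    next_hop: Optional[Node] = None   # None means no route: packet is black-holed


def send(first_hop: Node, ttl: int) -> tuple[str, str, bool]:
    """Forward one PCP request hop by hop from the client's first-hop router
    with the given IP TTL. Returns (outcome, node, leaked), where `leaked`
    is True if any node outside the perimeter ever saw the packet."""
    leaked = False
    node = first_hop
    while True:
        leaked = leaked or not node.inside
        if node.pcp_server:               # a host on the anycast address: delivered
            return ("answered", node.name, leaked)
        if node.filters_anycast:          # perimeter filtering from section 5.1
            return ("filtered", node.name, leaked)
        ttl -= 1                          # routers decrement TTL before forwarding
        if ttl <= 0:                      # ... and drop the packet when it hits zero
            return ("ttl_expired", node.name, leaked)
        if node.next_hop is None:
            return ("black_hole", node.name, leaked)
        node = node.next_hop


def build_site(local_pcp_up: bool, perimeter_filter: bool) -> Node:
    """first-hop -> perimeter-gw -> isp-router -> internet-pcp (constructed).
    The first-hop router is not anycast-aware, as in the initial deployments
    described in the reply, so it simply forwards toward its default route."""
    internet_pcp = Node("internet-pcp", inside=False, pcp_server=True)
    isp = Node("isp-router", inside=False, next_hop=internet_pcp)
    gw = Node("perimeter-gw", inside=True, pcp_server=local_pcp_up,
              filters_anycast=perimeter_filter, next_hop=isp)
    return Node("first-hop", inside=True, next_hop=gw)


def scenarios(ttl: int) -> dict[str, tuple[str, str, bool]]:
    """The cases from the review, all sent with the same client TTL."""
    return {
        "local_server_up": send(build_site(True, False), ttl),
        "local_server_down_unmitigated": send(build_site(False, False), ttl),
        "local_server_down_filtered": send(build_site(False, True), ttl),
    }


def non_leaking_ttls(max_ttl: int = 8) -> list[int]:
    """TTLs at which a request from the unfiltered site with its PCP server
    down never leaves the perimeter (the TTL mitigation on its own)."""
    return [t for t in range(1, max_ttl + 1)
            if not send(build_site(False, False), t)[2]]


def usable_ttls(max_ttl: int = 8) -> list[int]:
    """TTLs that both reach the local server when it is up and do not leak
    when it is down: the window a recommended value would have to sit in."""
    return [t for t in non_leaking_ttls(max_ttl)
            if send(build_site(True, False), t)[0] == "answered"]


if __name__ == "__main__":
    for name, result in scenarios(64).items():
        print(f"TTL 64, {name:30s} -> {result}")
    print("non-leaking TTLs:", non_leaking_ttls())
    print("usable TTLs     :", usable_ttls())
```

With a default TTL of 64 and no filter, the request from a site whose
local server is down is answered by `internet-pcp`, i.e. the internal
request leaks; the perimeter filter stops it at `perimeter-gw`. The TTL
mitigation alone works only for TTL 1 or 2 in this topology, and TTL 1
never reaches the local server even when it is up, so the usable window
is a single value. The width and position of that window depend entirely
on the hop counts of the constructed topology, which is what makes the
choice of an actual TTL value (or a rule for deriving one) the crux of
the mitigation.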
