[secdir] Security review: draft-ietf-mpls-soft-preemption-18.txt
Adrian Farrel <Adrian.Farrel@huawei.com> Fri, 04 September 2009 11:06 UTC
Return-Path: <Adrian.Farrel@huawei.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4A943A67EE for <secdir@core3.amsl.com>; Fri, 4 Sep 2009 04:06:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.559
X-Spam-Level:
X-Spam-Status: No, score=-1.559 tagged_above=-999 required=5 tests=[AWL=-0.450, BAYES_05=-1.11, STOX_REPLY_TYPE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zK9gICM0WPs5 for <secdir@core3.amsl.com>; Fri, 4 Sep 2009 04:06:11 -0700 (PDT)
Received: from lhrga01-in.huawei.com (lhrga01-in.huawei.com [195.33.106.110]) by core3.amsl.com (Postfix) with ESMTP id C8DD83A67E2 for <secdir@ietf.org>; Fri, 4 Sep 2009 04:06:11 -0700 (PDT)
Received: from huawei.com (lhrml01-in [172.18.7.5]) by lhrga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KPG009IU1F70Z@lhrga01-in.huawei.com> for secdir@ietf.org; Fri, 04 Sep 2009 12:04:19 +0100 (BST)
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) by lhrga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KPG001701EWQ3@lhrga01-in.huawei.com> for secdir@ietf.org; Fri, 04 Sep 2009 12:04:13 +0100 (BST)
Date: Fri, 04 Sep 2009 12:04:00 +0100
From: Adrian Farrel <Adrian.Farrel@huawei.com>
To: Stephen Kent <kent@bbn.com>
Message-id: <FED2184CF597405083AE68F9F2DFCE19@your029b8cecfe>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
Content-type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: <200909040212.n842CS3M028820@harbor.orleans.occnc.com>
Cc: mpls-chairs@tools.ietf.org, secdir <secdir@ietf.org>, draft-ietf-mpls-soft-preemption@tools.ietf.org
Subject: [secdir] Security review: draft-ietf-mpls-soft-preemption-18.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Adrian Farrel <Adrian.Farrel@huawei.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2009 11:06:12 -0000
Hi Stephen,
Thanks for your review. After discussion with the authors, I have added an
RFC Editor note as follows.
Thanks,
Adrian
Section 10
OLD
This document does not introduce new security issues. The security
considerations pertaining to the original RSVP protocol [RFC3209]
remain relevant.
NEW
This document does not introduce new security issues. The security
considerations pertaining to the original RSVP protocol [RFC3209]
remain relevant. Further details about MPLS security considerations
can be found in [I-D.ietf-mpls-mpls-and-gmpls-security].
As noted in Section 6.1, soft preemption may result in temporary link
under provisioning condition while the soft preempted TE LSPs are
rerouted by their respective head-end LSRs. Although this is a less
serious condition than false hard preemption, and despite the
mitigation procedures described in Section 6.1, network operators
should be aware of the risk to their network should the soft
preemption processes be subverted, and should apply the relevant MPLS
control plane security techniques to protect against attacks.
---
Section 13.2
ADD
[I-D.ietf-mpls-mpls-and-gmpls-security] Fang, L. Ed., "Security
Framework for MPLS and GMPLS Networks", draft-ietf-mpls-
mpls-and-gmpls-security-framework-06.txt, work in
progress.
- [secdir] Security review: draft-ietf-mpls-soft-pr… Adrian Farrel
- Re: [secdir] Security review: draft-ietf-mpls-sof… Stephen Kent