[secdir] Security review: draft-ietf-mpls-soft-preemption-18.txt
Adrian Farrel <Adrian.Farrel@huawei.com> Fri, 04 September 2009 11:06 UTC
Return-Path: <Adrian.Farrel@huawei.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4A943A67EE for <secdir@core3.amsl.com>; Fri, 4 Sep 2009 04:06:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.559
X-Spam-Level:
X-Spam-Status: No, score=-1.559 tagged_above=-999 required=5 tests=[AWL=-0.450, BAYES_05=-1.11, STOX_REPLY_TYPE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zK9gICM0WPs5 for <secdir@core3.amsl.com>; Fri, 4 Sep 2009 04:06:11 -0700 (PDT)
Received: from lhrga01-in.huawei.com (lhrga01-in.huawei.com [195.33.106.110]) by core3.amsl.com (Postfix) with ESMTP id C8DD83A67E2 for <secdir@ietf.org>; Fri, 4 Sep 2009 04:06:11 -0700 (PDT)
Received: from huawei.com (lhrml01-in [172.18.7.5]) by lhrga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KPG009IU1F70Z@lhrga01-in.huawei.com> for secdir@ietf.org; Fri, 04 Sep 2009 12:04:19 +0100 (BST)
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) by lhrga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KPG001701EWQ3@lhrga01-in.huawei.com> for secdir@ietf.org; Fri, 04 Sep 2009 12:04:13 +0100 (BST)
Date: Fri, 04 Sep 2009 12:04:00 +0100
From: Adrian Farrel <Adrian.Farrel@huawei.com>
To: Stephen Kent <kent@bbn.com>
Message-id: <FED2184CF597405083AE68F9F2DFCE19@your029b8cecfe>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
Content-type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: <200909040212.n842CS3M028820@harbor.orleans.occnc.com>
Cc: mpls-chairs@tools.ietf.org, secdir <secdir@ietf.org>, draft-ietf-mpls-soft-preemption@tools.ietf.org
Subject: [secdir] Security review: draft-ietf-mpls-soft-preemption-18.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Adrian Farrel <Adrian.Farrel@huawei.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2009 11:06:12 -0000
Hi Stephen, Thanks for your review. After discussion with the authors, I have added an RFC Editor note as follows. Thanks, Adrian Section 10 OLD This document does not introduce new security issues. The security considerations pertaining to the original RSVP protocol [RFC3209] remain relevant. NEW This document does not introduce new security issues. The security considerations pertaining to the original RSVP protocol [RFC3209] remain relevant. Further details about MPLS security considerations can be found in [I-D.ietf-mpls-mpls-and-gmpls-security]. As noted in Section 6.1, soft preemption may result in temporary link under provisioning condition while the soft preempted TE LSPs are rerouted by their respective head-end LSRs. Although this is a less serious condition than false hard preemption, and despite the mitigation procedures described in Section 6.1, network operators should be aware of the risk to their network should the soft preemption processes be subverted, and should apply the relevant MPLS control plane security techniques to protect against attacks. --- Section 13.2 ADD [I-D.ietf-mpls-mpls-and-gmpls-security] Fang, L. Ed., "Security Framework for MPLS and GMPLS Networks", draft-ietf-mpls- mpls-and-gmpls-security-framework-06.txt, work in progress.
- [secdir] Security review: draft-ietf-mpls-soft-pr… Adrian Farrel
- Re: [secdir] Security review: draft-ietf-mpls-sof… Stephen Kent