[secdir] Security review: draft-ietf-mpls-soft-preemption-18.txt

Adrian Farrel <Adrian.Farrel@huawei.com> Fri, 04 September 2009 11:06 UTC

Date: Fri, 04 Sep 2009 12:04:00 +0100
From: Adrian Farrel <Adrian.Farrel@huawei.com>
To: Stephen Kent <kent@bbn.com>
Cc: mpls-chairs@tools.ietf.org, secdir <secdir@ietf.org>, draft-ietf-mpls-soft-preemption@tools.ietf.org

Hi Stephen,

Thanks for your review. After discussion with the authors, I have added an 
RFC Editor note as follows.

Thanks,
Adrian

Section 10
OLD
   This document does not introduce new security issues.  The security
   considerations pertaining to the original RSVP protocol [RFC3209]
   remain relevant.
NEW
   This document does not introduce new security issues.  The security
   considerations pertaining to the original RSVP protocol [RFC3209]
   remain relevant. Further details about MPLS security considerations
   can be found in [I-D.ietf-mpls-mpls-and-gmpls-security].

   As noted in Section 6.1, soft preemption may result in temporary link
   under provisioning condition while the soft preempted TE LSPs are
   rerouted by their respective head-end LSRs. Although this is a less
   serious condition than false hard preemption, and despite the
   mitigation procedures described in Section 6.1, network operators
   should be aware of the risk to their network should the soft
   preemption processes be subverted, and should apply the relevant MPLS
   control plane security techniques to protect against attacks.
---
Section 13.2
ADD
   [I-D.ietf-mpls-mpls-and-gmpls-security] Fang, L. Ed., "Security
              Framework for MPLS and GMPLS Networks", draft-ietf-mpls-
              mpls-and-gmpls-security-framework-06.txt, work in
              progress.