Re: [secdir] Secdir review of draft-ietf-mpls-psc-updates-05
"Adrian Farrel" <adrian@olddog.co.uk> Mon, 12 May 2014 17:10 UTC
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Vincent Roca' <vincent.roca@inria.fr>, 'IESG' <iesg@ietf.org>, draft-ietf-mpls-psc-updates@tools.ietf.org, secdir@ietf.org
Date: Mon, 12 May 2014 18:10:17 +0100
Hi Vincent,

Good points, but s/6378/6941/

Adrian

From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Vincent Roca
Sent: 12 May 2014 18:03
To: IESG; draft-ietf-mpls-psc-updates@tools.ietf.org; secdir@ietf.org
Cc: Vincent Roca
Subject: Secdir review of draft-ietf-mpls-psc-updates-05

Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

IMHO, the document is Almost ready.

The author claims this document "raise[s] no new security concerns". I think the author is right, however I have two comments:

- it's preferable to mention explicitly that RFC 6378 provides the baseline security discussion and that it also applies to the present document.

- Making sure an implementation behaves correctly in front of malformed messages is typically something that should be mentioned/discussed in the Security Section. This is the case in section 2.3 "Error handling". Can an attacker through malformed/unexpected messages (e.g., with fuzzing) launch a DoS? I don't suggest to move section 2.3 in the Security Discussion section, but rather to add a sentence in the Security Section explaining that this document in section 2.3 also clarifies how to react in front of malformed/unexpected messages (which is essential from a security point of view).

Cheers,

Vincent