[secdir] SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02

Stephen Kent <kent@bbn.com> Wed, 06 March 2013 15:40 UTC

To: secdir <secdir@ietf.org>, chris.dearlove@baesystems.com, T.Clausen@computer.org, philippe.jacquet@alcatel-lucent.com, macker@itd.nrl.navy.mil, sratliff@cisco.com, Stewart Bryant <stbryant@cisco.com>, Adrian Farrel <adrian@olddog.co.uk>

SECDIR review of draft-ietf-manet-olsrv2-metrics-rationale-02

I reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments
just like any other last call comments.

This document is targeted as an Informational RFC. It describes itself 
as "... an historic record of the rationale for, and design 
considerations behind, how link metrics were included in OLSRv2."

The Security Considerations section says simply "This document does not 
specify any security considerations." It's been a very long time (many 
years) since I've encountered that phrase in a candidate RFC. A 
rationale document itself probably does not entail security 
considerations, but the omission of any security discussion suggests 
that security did not play a role in the design of this routing protocol.
Is that true? If so, who thinks this is a good thing?

I looked at the I-D that defines OLSRv2. It contains a two-page Security 
Considerations section. From my perspective, this document ought to 
provide background info (rationale) for the security suggestions 
contained in that document.