Re: [secdir] Secdir review of draft-ietf-forces-packet-parallelization@tools.ietf.org

Joel Halpern <joel.halpern@ericsson.com> Wed, 01 October 2014 15:02 UTC

From: Joel Halpern <joel.halpern@ericsson.com>
To: "magnusn@gmail.com" <magnusn@gmail.com>, Haleplidis Evangelos <ehalep@ece.upatras.gr>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-forces-packet-parallelization@tools.ietf.org" <draft-ietf-forces-packet-parallelization@tools.ietf.org>
Date: Wed, 01 Oct 2014 15:02:21 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/xCWKJDgny2Mm4fSoXG8tjRzwTAc

There are not any known issues of this sort.
Yours,
Joel

________________________________
From: magnusn@gmail.com [mailto:magnusn@gmail.com]
Sent: Wednesday, October 01, 2014 10:41 AM
To: Haleplidis Evangelos; secdir@ietf.org; draft-ietf-forces-packet-parallelization@tools.ietf.org
Subject: Re: Secdir review of draft-ietf-forces-packet-parallelization@tools.ietf.org

Thanks Evangelos,
That sounds good to me as long as it is the case that ForCES packet parallelization in itself doesn’t present new security issues. If however there are known such issues then I think the draft should describe them.
Best,

From: Haleplidis Evangelos <mailto:ehalep@ece.upatras.gr>
Sent: Wednesday, 1 October, 2014 04:15
To: Magnus Nyström <mailto:magnusn@gmail.com>, secdir@ietf.org <mailto:secdir@ietf.org>, draft-ietf-forces-packet-parallelization@tools.ietf.org <mailto:draft-ietf-forces-packet-parallelization@tools.ietf.org>

Greetings Magnus,

Having discussed the issue with Joel, in order to clarify the text you pointed out, we opted to replace the problematic sentence from:
“However as parallezation tasks have security issues, a designer or an implementer must take into account any security considerations that regards packet parallelization.”
To:
“This document does not attempt to analyze the presence or possibility of security interactions created by allowing parallel operations on packets.  Any such issues, if they exist, are for the designers of the particular data path, not the general mechanism.”

This way, we clearly state (the previous sentence didn’t manage to convey that meaning) that security considerations are for implementers and not for the general mechanisms we specify in the draft.

Does this resolve your comment?

Regards,
Evangelos.

From: Magnus Nyström [mailto:magnusn@gmail.com]
Sent: Tuesday, September 30, 2014 9:26 AM
To: secdir@ietf.org; draft-ietf-forces-packet-parallelization@tools.ietf.org
Subject: Secdir review of draft-ietf-forces-packet-parallelization@tools.ietf.org



I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes how ForCES can model a network device's parallelization datapath to support parallel packet processing in the ForCES model. The document is intended to be published as an Experimental RFC.

Since the document does not change the ForCES model or the ForCES protocol, I agree with the Security Consideration section's statement that there's no impact on the security considerations for them. However, the document then goes on to state "However as parallezation [sic] tasks have security issues, a designer or an implementer must take into account any security considerations that regards packet parallelization." I don't know specifically what such security issues are in the context of parallel ForCES packet processing, and it seems that it would be good to include at least some example of them and how implementers should take them into account.

-- Magnus