IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04

<lionel.morand@orange-ftgroup.com> Tue, 26 July 2011 15:00 UTC

Return-Path: <lionel.morand@orange-ftgroup.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42AD721F8B72; Tue, 26 Jul 2011 08:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.249
X-Spam-Level:
X-Spam-Status: No, score=-103.249 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7APw9jzvZTr5; Tue, 26 Jul 2011 08:00:11 -0700 (PDT)
Received: from p-mail1.rd.francetelecom.com (p-mail1.rd.francetelecom.com [195.101.245.15]) by ietfa.amsl.com (Postfix) with ESMTP id 4B91121F855C; Tue, 26 Jul 2011 08:00:11 -0700 (PDT)
Received: from p-mail1.rd.francetelecom.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id C77688C0001; Tue, 26 Jul 2011 17:00:58 +0200 (CEST)
Received: from ftrdsmtp2.rd.francetelecom.fr (unknown [10.192.128.47]) by p-mail1.rd.francetelecom.com (Postfix) with ESMTP id AC1F78B8009; Tue, 26 Jul 2011 17:00:58 +0200 (CEST)
Received: from ftrdmel1.rd.francetelecom.fr ([10.192.128.40]) by ftrdsmtp2.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Tue, 26 Jul 2011 17:00:09 +0200
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 26 Jul 2011 17:00:08 +0200
Message-ID: <B11765B89737A7498AF63EA84EC9F577BB642A@ftrdmel1>
In-reply-to: <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-topic: secdir review of draft-ietf-dime-priority-avps-04
Thread-index: AcxLho+V4YXq04I3QKSV0cnCnlyypgAGa8Kw
References: <20110726104135.13472eudbij0eaqs@portland.eukhosting.net> <AC6674AB7BC78549BB231821ABF7A9AEB674516F2B@EMBX01-WF.jnpr.net> <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
From: lionel.morand@orange-ftgroup.com
To: carlberg@g11.org.uk, shanna@juniper.net
X-OriginalArrivalTime: 26 Jul 2011 15:00:09.0713 (UTC) FILETIME=[B6996E10:01CC4BA4]
X-Mailman-Approved-At: Tue, 26 Jul 2011 11:17:52 -0700
Cc: draft-ietf-dime-priority-avps.all@tools.ietf.org, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 15:00:12 -0000

Hi Steve,

It should be maybe clarified (if required) that this document does not create a new protocol/solution. It only defines extensions to an existing protocol (Diameter QoS Application), completing a standard list of AVPs in order to support a set of parameters already defined in other specifications.

So, to be able to use this set of AVPs, you will have first to comply with the Diameter base protocol (RFC3588(bis)), the Diameter QoS application (RFC5866), the RFC 5624 defining the list of AVP, and all the different specifications defining these priority parameters. This document does not introduce new security issue. It just relies on existing solutions.

I understand therefore the concerns from Ken.

Regards,

Lionel


-----Message d'origine-----
De : carlberg@g11.org.uk [mailto:carlberg@g11.org.uk] 
Envoyé : mardi 26 juillet 2011 13:24
À : Stephen Hanna
Cc : ietf@ietf.org; secdir@ietf.org; draft-ietf-dime-priority-avps.all@tools.ietf.org; MORAND Lionel RD-CORE-ISS
Objet : RE: secdir review of draft-ietf-dime-priority-avps-04

Steve,


Quoting Stephen Hanna <shanna@juniper.net>:

> Thanks for your response, Ken.
>
> Removing the last sentence that you quoted would make things worse.
> Readers of this draft should definitely familiarize themselves with
> the security considerations related to priority. We should make that
> easier, not harder. The fact that those considerations also apply to
> other RFCs does not remove the fact that they apply to this one also.

but those considerations do not directly apply to DIAMETER.

> You cannot publish a document whose security considerations section
> says (as this one effectively does today), "There are lots of security
> considerations related to this document. To understand them, please
> dig through all the referenced documents and figure it out yourself."
> Doing that digging and analysis is the job of the document editors.

agreed, speaking in the general sense.  But again, the security  
considerations of these other protocols do not apply to the operation  
of Diameter.

> In order to ease the burden on you, I think a reasonable compromise
> would be for YOU to review the documents referenced and decide which
> have the most relevant security considerations. Then you could list
> those explicitly in the last paragraph of the Security Considerations.

I'm concerned about the implications of your recommendation.  If we  
extend this position to other work in the IETF, then efforts like  
defining MIBs would mean that each MIB draft would need to perform a  
security considerations analysis of each protocol that an objects  
refers to in the context of SNMP.  And one can extend the argument  
that each protocol operating on top of TCP (and/or UDP) and IP would  
need to perform an analysis on how TCP/UDP and IP may affect the upper  
layer protocol.  We don't do that today.

cheers,

-ken

v2.23.0 | Report a Bug | By Email