Re: [secdir] Security review of draft-ietf-idr-rfd-usable-03

Randy Bush <randy@psg.com> Wed, 09 October 2013 22:47 UTC

Return-Path: <randy@psg.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F60F21E8220; Wed, 9 Oct 2013 15:47:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ldo9ofDpijxa; Wed, 9 Oct 2013 15:47:08 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) by ietfa.amsl.com (Postfix) with ESMTP id 9E6FF21E81C2; Wed, 9 Oct 2013 15:47:08 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from <randy@psg.com>) id 1VU2X4-0006ox-Qt; Wed, 09 Oct 2013 22:47:07 +0000
Date: Thu, 10 Oct 2013 07:47:05 +0900
Message-ID: <m2vc162hau.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Ben Laurie <benl@google.com>
In-Reply-To: <CABrd9SQ3QppPDLydbb6kxw4PC=BDjKct+oiEThpcTT1YSxkZVw@mail.gmail.com>
References: <CABrd9SQ3QppPDLydbb6kxw4PC=BDjKct+oiEThpcTT1YSxkZVw@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-Mailman-Approved-At: Wed, 09 Oct 2013 15:55:03 -0700
Cc: draft-ietf-idr-rfd-usable.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Security review of draft-ietf-idr-rfd-usable-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 22:47:10 -0000

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> Summary: draft is ready.

thank you for the review

> Whilst I accept the authors' assertion that this I-D does not
> introduce any new security issues, the fact that an attacker can
> introduce fake flap suggests that the underlying protocols need more
> robust security mechanisms.

indeed.  and this is a serious problem with no progress in sight.

randy