[secdir] draft-ietf-teas-rsvp-auth-v2-00 early Secdir review
Shawn Emery via Datatracker <noreply@ietf.org> Tue, 11 November 2025 23:17 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@mail2.ietf.org
Received: from [10.244.8.124] (unknown [4.156.85.76]) by mail2.ietf.org (Postfix) with ESMTP id 3D8AC87C42B2; Tue, 11 Nov 2025 15:17:06 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Shawn Emery via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.53.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <176290302615.2271753.5594569318748546287@dt-datatracker-5df8666cb-7l4w5>
Date: Tue, 11 Nov 2025 15:17:06 -0800
Message-ID-Hash: 5QDSOJWZECRY6VGZLZFYY35JGKHMPFEK
X-Message-ID-Hash: 5QDSOJWZECRY6VGZLZFYY35JGKHMPFEK
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-teas-rsvp-auth-v2.all@ietf.org, teas@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: Shawn Emery <shawn.emery@oracle.com>
Subject: [secdir] draft-ietf-teas-rsvp-auth-v2-00 early Secdir review
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zEiPEAkykyz-a5C5OFQ1qAOCakg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Document: draft-ietf-teas-rsvp-auth-v2 Title: RSVP Cryptographic Authentication, Version 2 Reviewer: Shawn Emery Review result: Has Issues I have reviewed this document as part of the early review process. Document editors and WG chairs should treat these comments just like any other early review comments. This standards track draft specifies a mechanism for authentication and integrity protection of messages of the Resource ReSerVation Protocol (RSVP), where routers and hosts share state information of the underlying network. This security considerations section does exist and describes that this protocol is algorithm agnostic for the authentication of RSVP messages and therefore defers to the security properties to those of the utilized algorithm. They disclose that the messages are not confidential and subject to traffic analysis as designed, but defer to protocols, such as IEEE 802.1 MAC Security, to provide confidentiality for hop-to-hop connectivity. I agree with these assertions. HMAC-MD5 is the only initial registry entry specified in this draft. Fortunately, there is another draft, draft-ietf-teas-rsvp-hmac-sha2, that specifies HMAC-SHA2. For the pathological event, why does the RSVP Security Association (SA) have an infinite lifetime in this scenario? If it's to preserve backwards compatibility then why not provision an option where administrators can disable infinite lifetime SAs once the infrastructure deploys the new version of the protocol? It seems, in its current state, that triggering a pathological event would be considered as a high value attack. Why does a manually entered RSVP Security Association lifetime MAY be used forever? Again, this seems like a high value attack, if manually RSVP SAs can be created, including the RSVP Cryptographic Transform, RSVP Authentication Key, etc., then an attacker would always manually create an SA. If I'm misinterpreting the feasibility or scope of these elements of the specification then having text mitigating these concerns could be beneficial to the reader. General Comments: None. Editorial Comment: s/result are padding/result are padded/
- [secdir] draft-ietf-teas-rsvp-auth-v2-00 early Se… Shawn Emery via Datatracker