Re: [spring] Secdir telechat review of draft-ietf-spring-oam-usecase-09

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Wed, 13 December 2017 13:46 UTC

From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
CC: "secdir@ietf.org" <secdir@ietf.org>, "spring@ietf.org" <spring@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-spring-oam-usecase.all@ietf.org" <draft-ietf-spring-oam-usecase.all@ietf.org>
Date: Wed, 13 Dec 2017 13:45:52 +0000
Message-ID: <2D6492DA-25BD-43A6-ABBB-76006F632055@cisco.com>
References: <151306513713.20438.3742368041842215985@ietfa.amsl.com>
In-Reply-To: <151306513713.20438.3742368041842215985@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/EWldTUbJ2vuH4ScR4dKIYhlSsRo>

Dear Takeshi,

We have applied the following changes to the document’s working copy, in response to your review.

Thanks again.

Section 1., paragraph 3:
EXPLANATION: Spell out LDP.

OLD:

    The system applies to monitoring of non Segment Routing Label
|   Switched Paths (LSP's) like LDP as well as to monitoring of Segment
|   Routed LSP's (section 7 offers some more information).  As compared
|   to non Segment Routing approaches, Segment Routing is expected to
|   simplify such a monitoring system by enabling MPLS topology detection
|   based on IGP signaled segments.  The MPLS topology should be detected
|   and correlated with the IGP topology, which is too detected by IGP
|   signaling.  Thus a centralized and MPLS topology aware monitoring
|   unit can be realized in a Segment Routed domain.  This topology
|   awareness can be used for Operation, Administration, and Maintenance
|   (OAM) purposes as described by this document.

NEW:

    The system applies to monitoring of non Segment Routing Label
|   Switched Paths (LSP's) like Label Distribution Protocol (LDP) as well
|   as to monitoring of Segment Routed LSP's (section 7 offers some more
|   information).  As compared to non Segment Routing approaches, Segment
|   Routing is expected to simplify such a monitoring system by enabling
|   MPLS topology detection based on IGP signaled segments.  The MPLS
|   topology should be detected and correlated with the IGP topology,
|   which is too detected by IGP signaling.  Thus a centralized and MPLS
|   topology aware monitoring unit can be realized in a Segment Routed
|   domain.  This topology awareness can be used for Operation,
|   Administration, and Maintenance (OAM) purposes as described by this
|   document.
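Review bot: the NEW text still carries two wording problems in the lines this hunk leaves unchanged: "LSP's" (twice) is a possessive where the plain plural "LSPs" is meant, and "which is too detected by IGP signaling" should read "which is also detected by IGP signaling". Since the paragraph is being reflowed anyway to expand LDP, both can be folded into the same change.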


------------------------------------------------------------------------

Section 10., paragraph 2:
EXPLANATION: Clarify what is meant by “compromise security” in concrete terms.

OLD:

    The PMS allows to insert traffic into non-SR domains.  This may be
    required in the case of an LDP domain attached to the SR domain, but
|   it can be used to compromise security in the case of external IP
|   domains and MPLS based VPNs.

NEW:

    The PMS allows to insert traffic into non-SR domains.  This may be
    required in the case of an LDP domain attached to the SR domain, but
|   it can be used to maliciously insert traffic in the case of external
|   IP domains and MPLS based VPNs.
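Review bot: the replacement wording does not yet answer the question that prompted it. The reviewer asked what "compromise security" means concretely; "maliciously insert traffic" only repeats the first sentence's "insert traffic into non-SR domains" with an adverb, so the reader still does not learn what the consequence is. Suggest naming it, for example that a PMS able to insert traffic into an MPLS based VPN can place packets inside a VPN whose sites did not originate them, defeating the separation the VPN is meant to provide, and that traffic inserted into an external IP domain likewise appears to come from inside the operator's network. Separately, "The PMS allows to insert traffic" is ungrammatical in both OLD and NEW; "The PMS allows traffic to be inserted into non-SR domains" or "A PMS can insert traffic into non-SR domains" reads correctly.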


------------------------------------------------------------------------


Section 10., paragraph 4:
EXPLANATION: Typo.

OLD:

    To limit potential misuse, access to a PMS needs to be authorized and
|   should be logged.  OAM supported by a PMS requires skilled personal
    and hence only experts requiring PMS access should be allowed to
    access such a system.  It is recommended to directly attach a PMS to
    an SR domain.  Connecting a PMS to an SR domain is technically
    possible, but adds further security issues.  A tunnel based access of
    a PMS to an SR domain is not recommended.

NEW:

    To limit potential misuse, access to a PMS needs to be authorized and
|   should be logged.  OAM supported by a PMS requires skilled personnel
    and hence only experts requiring PMS access should be allowed to
    access such a system.  It is recommended to directly attach a PMS to
    an SR domain.  Connecting a PMS to an SR domain is technically
    possible, but adds further security issues.  A tunnel based access of
    a PMS to an SR domain is not recommended.
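Review bot: the two sentences "It is recommended to directly attach a PMS to an SR domain. Connecting a PMS to an SR domain is technically possible, but adds further security issues." contradict each other as written, since both speak of attaching or connecting a PMS to an SR domain, the first recommending it and the second warning against it. The sentence that follows ("A tunnel based access of a PMS to an SR domain is not recommended") suggests the second sentence is about remote or tunneled connection; make that explicit, e.g. "Connecting a PMS to an SR domain over a tunnel is technically possible, but adds further security issues." The "personal" to "personnel" fix itself is correct.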


------------------------------------------------------------------------

Best regards,

—
Carlos Pignataro, carlos@cisco.com

“Sometimes I use big words that I do not fully understand, to make myself sound more photosynthesis.”

On Dec 12, 2017, at 2:52 AM, Takeshi Takahashi <takeshi_takahashi@nict.go.jp> wrote:

Reviewer: Takeshi Takahashi
Review result: Has Nits

The issues I have here are very minor.
The security consideration section became better than the 06 version that I
reviewed before, but I hope the editors could be kind enough to help the
reader understand the security situation better.

Minor comments:

Regarding this sentence "but it can be used to compromise security in the case of
external IP domains", what do you mean by "compromise security"? It would be
nice if you could describe what kind of security compromise may happen in order
for the readers to understand the threats more vividly.

Editorial comments:

1. LDP had better be spelled out.
2. "skilled personal": could it be "skilled personnel"?
3. This sentence "As it is necessary to know that the information is
  stale is order to follow the instruction, as is the case with for
  example convergence events that may be ongoing at the time of
  diagnostic measurement." is not easy to understand for me. I see some typos
  in this sentence as well.