[Teas] Roman Danyliw's No Objection on draft-ietf-teas-rfc3272bis-26: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Fri, 04 August 2023 18:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: teas@ietf.org
Delivered-To: teas@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A81EC14F75F; Fri, 4 Aug 2023 11:46:27 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-teas-rfc3272bis@ietf.org, teas-chairs@ietf.org, teas@ietf.org, vishnupavan@gmail.com, vishnupavan@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 11.5.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <169117478716.3141.3054966488138918502@ietfa.amsl.com>
Date: Fri, 04 Aug 2023 11:46:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/S2ZMWjRyKa88mdAfOfSwUnZiJK0>
Subject: [Teas] Roman Danyliw's No Objection on draft-ietf-teas-rfc3272bis-26: (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2023 18:46:27 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-teas-rfc3272bis-26: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-teas-rfc3272bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Shawn Emery for the SECDIR review. ** Section 6.6. With the context that I don’t have a clear sense of what was chosen to be included in this document on traffic engineering, it seemed liked a few common traffic engineering design patterns related to survivability were not included. I could also see discussion of these in the Security Considerations: -- traffic filtering/scrubbing of any/every kind at the edge to prevent attacks from entering the network or leaving (a very primitive form of traffic engineering) -- choosing optional security features in control plane protocols such as authentication to harden the control plan -- relying on external packet scrubbing services to mitigate DDoS attacks ** Section 9 In general, TE mechanisms are security-neutral: they may use tunnels which can slightly help protect traffic from inspection and which, in some cases, can be secured using encryption; they put traffic onto predictable paths within the network that may make it easier to find and attack; they increase the complexity or operation and management of the network; and they enable traffic to be steered onto more secure links or to more secure parts of the network. Saying that TE mechanisms are security neutral” seems incongruent to the rest of the text. For example, noting that a path “can be secured using encryption” doesn’t seem neutral at all and changes the security properties of the traffic carries. Poorly configured traffic engineering seems like it could have disastrous consequences on security or “survivability” as discussed in Section 6.
- [Teas] Roman Danyliw's No Objection on draft-ietf… Roman Danyliw via Datatracker
- Re: [Teas] Roman Danyliw's No Objection on draft-… Adrian Farrel