[Tsvwg] Fwd: I-D ACTION:draft-ietf-tsvwg-rsvp-proxy-proto-08.txt
Francois Le Faucheur IMAP <flefauch@cisco.com> Tue, 03 March 2009 12:30 UTC
Return-Path: <flefauch@cisco.com>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A3E1D28C263 for <tsvwg@core3.amsl.com>; Tue, 3 Mar 2009 04:30:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.598
X-Spam-Level:
X-Spam-Status: No, score=-8.598 tagged_above=-999 required=5 tests=[AWL=-2.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kXxqnxfXK3gQ for <tsvwg@core3.amsl.com>; Tue, 3 Mar 2009 04:30:55 -0800 (PST)
Received: from sj-iport-1.cisco.com (sj-iport-1.cisco.com [171.71.176.70]) by core3.amsl.com (Postfix) with ESMTP id D3EF53A6C3F for <tsvwg@ietf.org>; Tue, 3 Mar 2009 04:30:55 -0800 (PST)
X-IronPort-AV: E=Sophos; i="4.38,296,1233532800"; d="scan'208,217"; a="149792137"
Received: from ams-dkim-1.cisco.com ([144.254.224.138]) by sj-iport-1.cisco.com with ESMTP; 03 Mar 2009 12:31:21 +0000
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n23CVLQb014350; Tue, 3 Mar 2009 13:31:21 +0100
Received: from xbh-ams-332.emea.cisco.com (xbh-ams-332.cisco.com [144.254.231.87]) by ams-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n23CVLZt021459; Tue, 3 Mar 2009 12:31:21 GMT
Received: from xfe-ams-331.emea.cisco.com ([144.254.231.72]) by xbh-ams-332.emea.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 3 Mar 2009 13:31:21 +0100
Received: from [144.254.53.207] ([144.254.53.207]) by xfe-ams-331.emea.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 3 Mar 2009 13:31:20 +0100
Message-Id: <BD007332-94AE-49DA-833B-471DF1173D12@cisco.com>
From: Francois Le Faucheur IMAP <flefauch@cisco.com>
To: tsvwg IETF list <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="Apple-Mail-8-78240116"
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Tue, 03 Mar 2009 13:31:17 +0100
References: <20090302224501.EF3C228C284@core3.amsl.com>
X-Mailer: Apple Mail (2.930.3)
X-OriginalArrivalTime: 03 Mar 2009 12:31:20.0355 (UTC) FILETIME=[F4D64730:01C99BFB]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=17699; t=1236083481; x=1236947481; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=flefauch@cisco.com; z=From:=20Francois=20Le=20Faucheur=20IMAP=20<flefauch@cisco. com> |Subject:=20Fwd=3A=20[Tsvwg]=20I-D=20ACTION=3Adraft-ietf-ts vwg-rsvp-proxy-proto-08.txt |Sender:=20; bh=/yQgoNv8xsemlqr0AKQDr8lJm8oKokdm2zNovHyAMOk=; b=Il5H9fX3p5OXauGiYt2VBZLinbUaagn+eRnZ7imNpWoJkHzBTlX6nlIxqE 1/DfOx3jyjbHYndu5HE64Plj/r4WEN10TQunV3ZOpN/LJ3Yx9avFiSt7Xdvs TEWIy7v3Hh;
Authentication-Results: ams-dkim-1; header.From=flefauch@cisco.com; dkim=pass ( sig from cisco.com/amsdkim1002 verified; );
Cc: Stephen Kent <kent@bbn.com>
Subject: [Tsvwg] Fwd: I-D ACTION:draft-ietf-tsvwg-rsvp-proxy-proto-08.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2009 12:30:57 -0000
Hello, > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Transport Area Working Group > Working Group of the IETF. > > Title : RSVP Extensions for Path-Triggered RSVP Receiver Proxy > Author(s) : F. Le Faucheur, J. Manner, A. Narayanan, A. Guillou, L. > Faucheur > Filename : draft-ietf-tsvwg-rsvp-proxy-proto-08.txt Version -08 addresses Steve Kent's security directorate's review comments. See the thread below for comments + proposed resolution. Francois Begin forwarded message: > From: Francois Le Faucheur IMAP <flefauch@cisco.com> > Date: 1 February 2009 18:00:57 CEST > To: Stephen Kent <kent@bbn.com> > Cc: Francois Le Faucheur IMAP <flefauch@cisco.com>, secdir@core3.amsl.com > , Pasi.Eronen@nokia.com, tim.polk@nist.gov, jmanner@cs.helsinki.fi, ashokn@cisco.com > , allan.guillou@neufcegetel.fr, magnus.westerlund@ericsson.com > Subject: Re: Comments on draft-ietf-tsvwg-rsvp-proxy-proto-07.txt > > Hello Steve, > > Thanks a lot for your comments. > > We will post a new rev shortly aiming at addressing your comments. > Let us know if you have comments/concerns on the proposed resolution > approaches as described embedded below: > > On 17 Dec 2008, at 03:29, Stephen Kent wrote: > >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the >> IESG. These comments were written primarily for the benefit of the >> security area directors. Document editors and WG chairs should >> treat these comments just like any other last call comments. >> >> This document defines extensions to RSVP to enable a router to act >> as an RSVP "Receiver Proxy," when a sender invokes the proxy >> through use of an RSVP Path message (so-called Path-triggered >> RSVP). (An RSVP Receiver Proxy is employed when the sender >> (reservation requestor) is more than one hop away from the first >> router that implements RSVP.). A companion document (ietf-tsvwg- >> rsvp-proxy-approaches) is cited as an informative reference, but >> given that this document makes extensive use of definitions from >> that document, I think it is more properly a normative reference. > > The companion document (draft-tsvwg-rsvp-proxy-approaches) is going > for Information Track while the present document is going for > Standards Track. We understand it is not appropriate to normative > downref an Informational doc from a Standards doc. If this is not > the case, we can certainly move the ref to the Normative Ref section. > >> >> >> The use of a receiver proxy for RSVP reverses the usual roles in >> the RSVP protocol, and this suggests that there may be new security >> concerns, distinct form those usually addressed by RSVP. I expected >> he security considerations section address this possible issue, and >> about 40% of the text in that section is devoted to this topic, and >> it is appropriately addressed. > > great. > >> >> On page 12 the authors note that certain error cases in multicast >> environments could result in transmission of a large number of >> PathErr messages to a sender by many receivers. This is cited as a >> possible "scalability issue," which I interpret as a euphemism for >> DDoS attacks. I also expected to see a mention of this in the >> security considerations section, but there was no further >> discussion of this DoS issue. > > The reason we see this case as a scalability issue rather than DDOS > is because the device that receives all the multiple PathErr > messages is actually the device that can trigger those in the first > place (by sending a Path). So we just pointed out that a well- > behaved sender may (in some large scale multicast environment) get > more PathErr than he'd like. A mis-behaved sender would primarily > trigger a self-DDOS than real DDOS. > > Of course, there is the general security concern about a node > sending many RSVP messages to an RSVP neighbor thereby DOSing it (or > potentially DDOSing other RSVP nodes since some RSVP messages may in > turn trigger multiple RSVP messages). But that is not really > specific to PathErr messages and is addressed generically in teh > security considerations section when discussing use of RSVP > Authentication mechanisms. > >> >> Page 12 also notes that the mandated behavior described in "this >> section" (but presumably subsequent sections, i.e., 3.1.1-3.1.4) >> does not apply in the case of wildcard filtered reservations. That >> seems a bit ambiguous; does this mean that the routers SHOULD/MUST >> do nothing in the error cases described later, or that they MAY do >> anything that implementors please? > > Yes, the current text is ambiguous. > > The right behavior would be that the receiver proxy sends a PathErr > message to all the senders. > > So text will be changed to something like: > " > For Wildcard-Filter (WF) style reservations, it is not always > possible for the Receiver Proxy to reliably know which sender caused > the reservation failure. Therefore, the Receiver Proxy SHOULD send > a PathErr towards each sender. This means that all the senders will > receive a notification that the reservation is not established, > including senders that did not cause the reservation failure. > Therefore, the method of sender notification via PathErr message is > somewhat over-conservative (i.e. in some cases rejecting > reservations from some senders when those could have actually been > established) when used in combination with Wildcard-Filter style > (and when there is more than one sender). > " > > Your comment also made us realize that: > * we didn't use 2119 terminology when discussing the FF and SE > styles. so we will : > s/the Receiver Proxy sends/the Receiver Proxy MUST send/ > * we did not include the equivalent discussion on applicability to > multicast and WF/SE/FF in section 3.2. So we will add that discussion. > >> >> >> I have attached copy of the document, with numerous proposed edits >> that I believe will improve readability. >> > > I included your suggestions (and addressed the few comments > embedded) in teh new rev that will be posted soon.. > Thanks for this very thorough review. > > Francois > >> Steve<draft-ietf-tsvwg-rsvp-proxy-proto-07.pdf> > >
- [Tsvwg] I-D ACTION:draft-ietf-tsvwg-rsvp-proxy-pr… Internet-Drafts
- [Tsvwg] Fwd: I-D ACTION:draft-ietf-tsvwg-rsvp-pro… Francois Le Faucheur IMAP