Re: secdir review of draft-ietf-mpls-lsp-ping-relay-reply

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Sean Turner
Thank you for the review. I am so sorry to reply after a long time. We need to update the document according to George's comments.
Now we have post v7, URL: http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsp-ping-relay-reply-07.txt
The change lists are as below:
1. add a destination point in stack TLV to avoid potential loop.
2. add a source address in stack TLV, then the initiator could get the replying node address.
I also reply inline to your questions as below. Thank you.


Regards
Lizhong
 
From: Sean Turner
Date: 2014-12-14 03:29
To: draft-ietf-mpls-lsp-ping-relay-reply; secdir; The IESG; ietf
Subject: secdir review of draft-ietf-mpls-lsp-ping-relay-reply
Do not be alarmed.  I have reviewed this document as part of the
security directorate’s ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written with the intent
of improving security requirements and considerations in IETF drafts.
Comments not addressed in last call may be included in AD reviews
during the IESG review.  Document editors and WG chairs should treat
these comments just like any other last call comments.
 
Version: 06
Summary: Ready with some non-security/non-privacy nits.
 
Ping mechanisms always give me the heebie-jeebies [1]
because of the security concerns associated with them (i.e., DoS,
spoofing/hijacking/etc., and unauthorized disclosure).  This document
specifies an extension to the existing ECHO mechanism in RFC 4379
and it does nothing to address these concerns in fact it increases the
concerns wrt DoS. *BUT* it rightly points this increase exposure out in
the security considerations section.  It provides remediation techniques
similar to those specified in RFC 4379: rate limit and validate source
against access list.  This draft, unlike RFC 4379, does recommend that
operators wishing to not disclose their nodes blank the address out in
the TLV.  This draft also refers to RFC 4379 for additional security
considerations.
 
WARNING - questions and nits follow:
 
s3 - 1st paragraph: Relayed Echo Reply “replaces” Echo Reply - does this
mean you’re deprecating the use of “Echo Reply”?
[Lizhong] no. The reply message from any node to initiator will still be Echo Reply.
But the reply message from replying LSR to a relay node or from a relay node to 
another relay node will be Relayed Echo Reply.
 
s4.1: Is the outermost label allowed to be set to 255 to support the
“ping” mode or must it always be set to 1, 2, etc. to support “traceroute"
mode - as described in RFC 4379 s4.3?   I know s5 is just an example
but it really looks like this extension is just supposed to be for fault
isolation.
[Lizhong] It is possible to set 255. One implementation in my mind is to manually
generate the stack TLV list, and the replying LSR could still relay the message back
to the initiator according to the received stack TLV list. The case in the document is
for stack TLV list auto learning.
 
s4.1 - last paragraph: Does the next initiator put it’s address in the stack
before or after the previous initiator?  I assume it’s after, but I maybe
missed that part?  Would be good to state that explicitly.
[Lizhong] are you referring to section 4.2. There is some change in v7. Please help
to check again, to see if that is OK for you now.
 
Cheers,
spt
 
[1] http://en.wikipedia.org/wiki/Heebie-jeebies_(idiom)

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]