Re: Secdir last call review of draft-ietf-mpls-flow-ident-06

Hi Daniel

Thank you for the review.


On 10/01/2018 21:36, Daniel Franke wrote:
> Reviewer: Daniel Franke
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These comments
> were written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> I know next to nothing about MPLS. The proposed functionality seems reasonable
> and persuasively justified, but it is possible that there are significant
> issues I'm overlooking. I have a couple nitpicks about the Security
> Considerations section.
>
> The lowercased (i.e., non-RFC-2119) "must"s and "should"s are weasel words when
> not connected with a statement of what objective is achieved by following those
> recommendations. For example, the sentence "Propagation of identification
> information outside the MPLS network imposing it must be disabled by default"
> ought to be prefaced or suffixed with something along the lines of "In order to
> preserve present assumptions about MPLS privacy properties".

This is a useful point and I have included it in the security section.

> I see a lot of discussion about confidentiality concerns when flow information
> is propagated across trust boundaries, but no discussion about the dual
> integrity concerns.

I am not sure what a dual integrity concern is. Do you mean data integrity?

> I suggest including some word of warning that flow
> information received from an untrusted LSR cannot be assumed correct, so
> caution is advised before relying on it, e.g., to determine for billing
> purposes whether SLAs are being met.

In an MPLS network we would not have any exchange with an untrusted LSR.
It is a fundamental assumption that routers within the same domain are trustworthy.
If a router was untrustworthy it could cause immense damage to the whole
network, for example, by sending false reachability information that would bring the
whole network down. So within an MPLS network we tend to trust that the
routers tell the truth.

- Stewart





