Re: Secdir last call review of draft-ietf-rtgwg-spf-uloop-pb-statement-09


 



If the security considerations are addressed in a different document, this should be stated in the security considerations section. 

On Mon, Jan 7, 2019 at 12:05 PM Stewart Bryant <stewart.bryant@xxxxxxxxx> wrote:


On 07/01/2019 16:11, Phillip Hallam-Baker wrote:
Reviewer: Phillip Hallam-Baker
Review result: Has Issues

The document describes the problem and solution pretty clearly. Unfortunately,
there is no discussion of the security considerations which is not appropriate
for a document addressing an availability which is a security issue.

While microloops can form by chance, some consideration should be given to the
possibility that an attacker could induce a loop to perform a DoS attack.

In section 1 the text says:

   [RFC8405] defines a solution that satisfies this problem statement
   and this document captures the reasoning of the provided solution.

It is safe to assume that the reader of this text would have read normative reference RFC8405 and thus would be fully aware of the security issues related to the solution being analysed.

An attacker that had access to a network such that they could induce microloops would have the ability to do many worse things to the network.

If they were able to attack in-band they could poison the routing system to take it down in far more interesting ways. Operators use security at the physical and network layer to prevent this.

If they were operating at the physical layer then they could take circuits down at will and cause microloops in the base protocol, traffic overloads and application malfunction.

Thus if the attacker could deploy either of those attacks in a network to induce micro-loops, then any security considerations in this draft would count for nothing.

The draft is an analysis, and thus I think that it correctly states that it introduces no additional matters for security consideration.

- Stewart


