[secdir] secdir review of draft-ietf-bfd-seamless-use-case-04
Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 12 April 2016 16:49 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C31E012D5F8; Tue, 12 Apr 2016 09:49:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.045
X-Spam-Level:
X-Spam-Status: No, score=-101.045 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_DYNAMIC_IPADDR=1.951, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=tobias.gondrom@gondrom.org header.d=gondrom.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29KGgNh8538p; Tue, 12 Apr 2016 09:49:49 -0700 (PDT)
Received: from lvps5-35-241-16.dedicated.hosteurope.de (www.gondrom.org [5.35.241.16]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BE9B12DAFB; Tue, 12 Apr 2016 09:49:49 -0700 (PDT)
Received: from [192.168.43.211] (ip-109-43-3-20.web.vodafone.de [109.43.3.20]) by lvps5-35-241-16.dedicated.hosteurope.de (Postfix) with ESMTPSA id 5428063380; Tue, 12 Apr 2016 18:49:47 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=SHnkcsiVX7VxaglXwVs9xuRR2jKXTEI7W7mIRtSNyPiKQ65lNp8ILfiYuzKxUS0+zQPfqiuNEQWjEKOZ2lFOkjFpmMeK6nFB+y0g55mCcY4ctmR9LqhqPS8yp7LBJVLhia5HgvoejwekKn03t1VP0L8oigbOu8WBwM23a4DlIU0=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:Content-Type;
Message-ID: <570D272A.8090105@gondrom.org>
Date: Tue, 12 Apr 2016 18:49:46 +0200
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: secdir@ietf.org, iesg@ietf.org
Content-Type: multipart/alternative; boundary="------------090808070701090403000001"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/F4uILEqeeQkMJH27ODEwGQ6KWPs>
Cc: draft-ietf-bfd-seamless-use-case.all@ietf.org
Subject: [secdir] secdir review of draft-ietf-bfd-seamless-use-case-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2016 16:49:51 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The draft aims for informational and is about various use cases for Bidirectional Forwarding Detection (BFD) and various requirements. Note: Solutions to the identified uses cases and protocol specific enhancements are outside the scope of this document. If this document is seen as use case document only, it appears in good shape. However, it also includes a section 4 about requirements and it seems security requirements have not been considered among them. Maybe that is not intended or not necessary. I will leave that question up for the judgement by the WG. One main comment: 1. section 5: Security Considerations is empty as it states not to introduce any new protocols. In principle that is ok, as long as it is understood that the following proposed protocols for these use cases will need to answer to security considerations. However, as the document also speaks about requirements, it would have been nice to spell out specific security requirements that are to be considered from these use cases. Security requirements (from protection against malicious actors) should have been considered in section 4. Also the various use cases should be explored for whether they may expose a system to abuse. E.g. several requirements are stated as "MUST" (which btw. I am not sure is the proper use of RFC2119 definition). The question would be if a system will follow these requirements whether it would be exposed to additional security risks. E.g. Req#2 "MUST be able to establish a unidirectional BFD session without the bidirectional handshake", #3 "BFD session MUST be able to be established without the need for session negotiation". Overall I can see the request for these requirements. I would also like to see a discussion of their security implications and risks. nitbits: some of the language seems not so clean. Not outright wrong, but very hard to understand. Maybe some native speakers or the RFC editor can help clean this up: e.g. section 3.2 "All it takes is for the network entities to know what the discriminator values to be used for the session." I read this sentence a few times and not quite sure which words to add to match the intended meaning of the authors. ;-) Thank you and best regards. Tobias
- [secdir] secdir review of draft-ietf-bfd-seamless… Tobias Gondrom