Re: [secdir] secdir review of draft-ietf-tsvwg-diffserv-intercon-09
"Black, David" <David.Black@dell.com> Wed, 21 September 2016 14:28 UTC
Return-Path: <David.Black@dell.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5449B12B1A5; Wed, 21 Sep 2016 07:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=fail (1024-bit key) reason="fail (message has been altered)" header.from=David.Black@dell.com header.d=dell.com; dkim=pass (1024-bit key) header.d=dell.com header.b=JlGAbj2h; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=m0uwsFej
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUy0IO62glqt; Wed, 21 Sep 2016 07:28:02 -0700 (PDT)
Received: from esa6.dell-outbound.iphmx.com (esa6.dell-outbound.iphmx.com [68.232.149.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5B8E12B1B7; Wed, 21 Sep 2016 07:28:01 -0700 (PDT)
DomainKey-Signature: s=smtpout; d=dell.com; c=simple; q=dns; h=Received:From:Cc:Received:Received:X-DKIM:DKIM-Signature: X-DKIM:Received:Received:Received:To:Subject:Thread-Topic: Thread-Index:Date:Message-ID:References:In-Reply-To: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:x-originating-ip:Content-Type: Content-Transfer-Encoding:MIME-Version: X-Sentrion-Hostname:X-RSA-Classifications; b=bfqduTzOu2RL452XVXPXkheFDkXZJSyaGSM2FdS5/ufFysQrTLO18E6L J06J4lmrhE/CmR/J+Wn9AhLv/R2b73mvRQ9Sqlbk39lGFxX1j8CsKN0DI cXXz/1Wywih837NFq8helsoJM6o3FRSXQcQ3cAmgqnw1SLLs6ylYteU56 E=;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1474468081; x=1506004081; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=lf8cYKP4kwN4W/r/XaoDfuyARA3GC6OBqqX4a3ZhP7c=; b=JlGAbj2hs3/sSCO3B0sjI+vTBJ3kVJDMPbzvlFmq2zpGvLgamvaUImF3 4egqi+JJAOHOm19wezu775dfH6cSPpy/ugrOYeCO/fB/kD1K/qCchUOoU ACUIZkEEPpOfK8gMzo9qTcB9v5gkoP+KJG84Xd+JzsgWFjw52F2+x6b8i E=;
Received: from esa6.dell-outbound2.iphmx.com ([68.232.154.99]) by esa6.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2016 09:28:00 -0500
From: "Black, David" <David.Black@dell.com>
Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa6.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2016 20:28:00 +0600
Received: from maildlpprd05.lss.emc.com (maildlpprd05.lss.emc.com [10.253.24.37]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id u8LERwa8004387 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 21 Sep 2016 10:27:59 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com u8LERwa8004387
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1474468079; bh=6/x1isyn5RnTQ+Td9RxDGu1OEho=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=m0uwsFej+b7q0EpihReGBS4+g6oN9sCeLkiGSIIj/m8/b4Fihv9w6l3FD3KDgkYhq yPtBLHJwWtCIB5U6pmOq8Zp61pq8zvy6tXgrJcCctG9zYnHVrvWaegtEgrOBBqRq9L 3z6+fxPmLBK2mnqya7ESfDL3TtiOcVMcq01TEqTQ=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com u8LERwa8004387
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd05.lss.emc.com (RSA Interceptor); Wed, 21 Sep 2016 10:27:43 -0400
Received: from MXHUB319.corp.emc.com (MXHUB319.corp.emc.com [10.146.3.97]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id u8LERgCv011624 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Wed, 21 Sep 2016 10:27:43 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB319.corp.emc.com ([10.146.3.97]) with mapi id 14.03.0266.001; Wed, 21 Sep 2016 10:27:42 -0400
To: Benjamin Kaduk <kaduk@MIT.EDU>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-tsvwg-diffserv-intercon@ietf.org" <draft-ietf-tsvwg-diffserv-intercon@ietf.org>
Thread-Topic: secdir review of draft-ietf-tsvwg-diffserv-intercon-09
Thread-Index: AQHSDjyajyKhOTPr40WZvsnPej2GaaCEA6aw
Date: Wed, 21 Sep 2016 14:27:42 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362F69D7C8@MX307CL04.corp.emc.com>
References: <alpine.GSO.1.10.1609132359590.5272@multics.mit.edu>
In-Reply-To: <alpine.GSO.1.10.1609132359590.5272@multics.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.252.39.235]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Jl6AogkAB3J-15cH8gSw8O-ovKM>
Cc: "Black, David" <David.Black@dell.com>
Subject: Re: [secdir] secdir review of draft-ietf-tsvwg-diffserv-intercon-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2016 14:28:04 -0000
Hi Ben,
Thanks for the review.
> However, I do think it's worth giving a little bit of new thought to the
> potential privacy considerations -- a new way of marking traffic, in
> abstract, has the potential to leak classification information about the
> traffic in question (e.g., is this IP address doing telephony?). That
> said, the classification added by this document is something that could be
> done by any party with access to the raw network traffic, so I don't think
> there are actually any new considerations in play; it's just something to
> keep in mind.
On balance, it seems like a good idea to add a sentence or two to point out
that additional traffic classification information is exposed at network
interconnections by comparison to DSCP remarking to zero - if that traffic
classification info is sensitive, remarking DSCPs to zero to hide the classification
is the countermeasure, at the cost of loss of QoS info and traffic handling
on the interconnect.
Also, here are a few comments on your editorial suggestions:
>
> Introduction, first paragraph, space between ')' and 'and'.
> Just a few words later, is it clearer to s/at/for use at/?
Yes, we'll make both changes.
> Top of page 3, last sentence of first paragraph ("This draft assumes that
> latter approach by defining additional DSCPs that are known and expected
> at network interconnection interfaces.") -- I think maybe "subsumes" is a
> better verb than "assumes", as it is true that unknown/unexpected DSCPs
> are remarked to zero, but there is additional functionality in the
> known/expected DSCPs that are preserved.
Well, "subsumes" isn't quite right either. Here's a longer rewrite that I hope
makes things clearer:
OLD
This draft assumes that latter approach by defining additional DSCPs
that are known and expected at network interconnection interfaces.
NEW
This draft is based on the latter approach, and defines additional DSCPs
that are known and expected at network interconnection interfaces in
order to reduce the amount of traffic whose DSCPs are remarked to zero.
> Across the page 3/page 4 boundary, the part after the semicolon is a
> sentence fragment ... I can't even tell what it's trying to say. Maybe,
> "remarking to zero is performed in the absence of [...]" (but put a comma
> before "for").
Yes, it's a fragment - here's a suggested rewrite:
OLD
remarking in the absence of
additional agreement(s) when the MPLS Short Pipe model is used for
reasons explained in this document.
NEW
use of the MPLS Short Pipe model favors remarking unexpected DSCPs
to zero in the absence of additional agreement(s), as explained further
in this document.
> Section 1.1, first paragraph, is this work really intended to *complement*
> RFC 5160? It seems to me that rather it is building upon 5160, or
> implementing its suggestions, or something like that.
The activities are independent, so "complement" is a reasonable summary.
> Section 4, Telephony Service Treatment Aggregate, it looks like the
> convention would have the DSCP be formatted as "101 100" with a space.
Yes, there's a missing space.
Thanks, --David
> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@MIT.EDU]
> Sent: Wednesday, September 14, 2016 12:01 AM
> To: iesg@ietf.org; secdir@ietf.org; draft-ietf-tsvwg-diffserv-intercon@ietf.org
> Subject: secdir review of draft-ietf-tsvwg-diffserv-intercon-09
>
> [re-sending with proper recipients list; sorry for the duplicate]
>
> Hi all,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This draft is Ready.
>
> I had to do some background reading (RFC 2475, mostly, and skimming some
> other references) to really understand what's going on here; I'll probably
> use some wrong terminology as a result. This draft describes a standard
> set of 4 Treatment Aggregates that can be used by MPLS networks using the
> Short-Pipe tunnel mode to preserve IP Differentiated Service code point
> markings and the corresponding per-hop behaviors as traffic traverses the
> network boundary. DSCP translation is expected to be done both at entry
> and exit from the network (as applicable; not all traffic is through
> traffic, of course) betwen the standard DSCPs and network-internal DSCPs
> used to apply PHBs, but the benfit of this scheme is the standardized
> interface, much as how it is easier for a user to accept a two-clause BSD
> software license that is well-known than it is for that user to accept a
> software EULA that was custom written by a company's lawyers. Otherwise,
> everything described in this document could be done already by two peered
> networks that negotiate an SLA. With this document, they still must
> negotiate an SLA, but there are standard terms to simplify the process.
>
> The security considerations accordingly note (correctly) that this
> document does not introduce new features; rather, it describes how to use
> existing ones. It refers to the security considerations in RFCs 2475 and
> 4594, which seem to be complete, noting that differentiated services
> introduce the possibility of fasely marked/prioritized traffic and the
> potential for denial of service. Only calling out IPsec as the example is
> a bit dated, but the general principles still seem fine -- the physical
> network has to be protected and traffic sanitized on entry.
>
> However, I do think it's worth giving a little bit of new thought to the
> potential privacy considerations -- a new way of marking traffic, in
> abstract, has the potential to leak classification information about the
> traffic in question (e.g., is this IP address doing telephony?). That
> said, the classification added by this document is something that could be
> done by any party with access to the raw network traffic, so I don't think
> there are actually any new considerations in play; it's just something to
> keep in mind.
>
>
> A few editorial comments follow:
>
> Please expand PHBs in the abstract, not just in the introduction
>
> Introduction, first paragraph, space between ')' and 'and'.
> Just a few words later, is it clearer to s/at/for use at/?
>
> Top of page 3, last sentence of first paragraph ("This draft assumes that
> latter approach by defining additional DSCPs that are known and expected
> at network interconnection interfaces.") -- I think maybe "subsumes" is a
> better verb than "assumes", as it is true that unknown/unexpected DSCPs
> are remarked to zero, but there is additional functionality in the
> known/expected DSCPs that are preserved.
>
> Across the page 3/page 4 boundary, the part after the semicolon is a
> sentence fragment ... I can't even tell what it's trying to say. Maybe,
> "remarking to zero is performed in the absence of [...]" (but put a comma
> before "for").
>
> Section 1.1, first paragraph, is this work really intended to *complement*
> RFC 5160? It seems to me that rather it is building upon 5160, or
> implementing its suggestions, or something like that.
>
> Section 4, Telephony Service Treatment Aggregate, it looks like the
> convention would have the DSCP be formatted as "101 100" with a space.
>
> -Ben
- [secdir] secdir review of draft-ietf-tsvwg-diffse… Benjamin Kaduk
- [secdir] secdir review of draft-ietf-tsvwg-diffse… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-tsvwg-di… Black, David
- Re: [secdir] secdir review of draft-ietf-tsvwg-di… Benjamin Kaduk