Last Call Review of draft-ietf-alto-deployments-15
review-ietf-alto-deployments-15-secdir-lc-wierenga-2016-06-23-00

Request
Review of: draft-ietf-alto-deployments
Requested revision: No specific revision (document currently at 16)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-06-21
Requested: 2016-06-09
Authors: Martin Stiemerling, Sebastian Kiesel, Michael Scharf, Hans Seidel, Stefano Previdi
Draft last updated: 2016-06-23
Completed reviews:
- Genart Last Call review of -15 by Brian E. Carpenter
- Genart Telechat review of -15 by Brian E. Carpenter
- Opsdir Last Call review of -14 by Carlos Pignataro
- Secdir Last Call review of -15 by Klaas Wierenga

Assignment
Reviewer: Klaas Wierenga
State: Completed
Review: review-ietf-alto-deployments-15-secdir-lc-wierenga-2016-06-23
Reviewed revision: 15 (document currently at 16)
Result: Has Nits
Completed: 2016-06-23

Hi,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes use cases when deploying ALTO (Application Layer
Traffic Optimization). It provides guidance for using and deploying ALTO
services.

The document reads well and is as far as I can tell pretty exhaustive (if
anything the emphasis seems slightly on P2P rather than CDN, but that seems
justified by the number of different P2P deployments as opposed to CDN).

I particularly like the extensive coverage of privacy and security issues
throughout the document, this was clearly not bolted on late in the process. I
have only a few comments and therefore believe the document is:

ready with nits

- A number of the comments throughout the document pertain to privacy, I think
the document would have benefited from a separate privacy considerations
paragraph, in addition to the security considerations.

- Not directly security related (apart from DoS), but I wonder in how far it is
a risk that clients have a relatively static view of the world (3.4.4), i.e. it
is assumed that the network characteristics don’t change rapidly. To use an
analogy, is there a risk that when there is some holdup on the highway, that
all cars will take the sand path for some extended period of time, thus
clogging the sand path? If this is covered in other documents I apologise, but
in the reviewed document that appears to be a risk.

- There is text around validation of the clients (7.3 ALTO server access), but
to my surprise there is no wording to authentication of the server. As a client
operator I would expect to be able to validate the server, after all the server
is telling me where to go for the resources I need. The text explains what the
risk of injecting wrong information is (7.4), but the authenticity of the
server itself is not discussed. A simple server authentication seems to go a
long way in preventing rogue ALTO servers.

Klaas

--

Klaas Wierenga

Identity Architect

Cisco Cloud Services