Telechat Review of draft-ietf-opsawg-service-assurance-architecture-12
review-ietf-opsawg-service-assurance-architecture-12-secdir-telechat-huitema-2022-12-20-00
| Request | Review of | draft-ietf-opsawg-service-assurance-architecture |
|---|---|---|
| Requested revision | No specific revision (document currently at 13) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2022-12-13 | |
| Requested | 2022-11-30 | |
| Authors | Benoît Claise , Jean Quilbeuf , Diego Lopez , Daniel Voyer , Thangam Arumugam | |
| I-D last updated | 2022-12-20 | |
| Completed reviews |
Artart Last Call review of -11
by Bron Gondwana
(diff)
Tsvart Last Call review of -11 by Mirja Kühlewind (diff) Genart Last Call review of -11 by Paul Kyzivat (diff) Secdir Last Call review of -11 by Christian Huitema (diff) Secdir Telechat review of -12 by Christian Huitema (diff) |
|
| Assignment | Reviewer | Christian Huitema |
| State | Completed | |
| Request | Telechat review on draft-ietf-opsawg-service-assurance-architecture by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/4YX2Fcv_U8Y-HPjK8R17pvofJkA | |
| Reviewed revision | 12 (document currently at 13) | |
| Result | Ready | |
| Completed | 2022-12-20 |
review-ietf-opsawg-service-assurance-architecture-12-secdir-telechat-huitema-2022-12-20-00
My review of version 11 of this draft was making a number of suggestions. These suggestions have largely been addressed in the version 12 of the draft: * The risk caused by compromised agents are addressed by setting permissions according to [I-D.ietf-opsawg-service-assurance-yang]. * The security section now includes a more precise description of the permissions that should be granted to SAIN agents * The authors added recommendation that service administrators only obtain the information needed for building the assurance graph and no more, which somewhat mitigates the risk of attackers using configuration data. * The authors added a suggestion to compare reporting by multiple agents and detect potential anomalies such as compromised agent mishbehaving, and reasonably flag that as a point for further study. * The risks caused by loss of access to NTP service are documented. In addition to flagging the NTP risk, the authors could have suggested mitigation for temporary loss of access to the NTP service. There might be ways such as indicating the state of the clocks in the agents report, or estimating potential clock drift based on quality of local clocks and delay since the last NTP synchronization. However, this is speculative and it would be sufficient to flag it for further study.