Last Call Review of draft-ietf-pce-gmpls-pcep-extensions-12
review-ietf-pce-gmpls-pcep-extensions-12-secdir-lc-roca-2018-11-29-00
| Request | Review of | draft-ietf-pce-gmpls-pcep-extensions |
|---|---|---|
| Requested revision | No specific revision (document currently at 16) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-10-29 | |
| Requested | 2018-10-15 | |
| Authors | Cyril Margaria , Oscar Gonzalez de Dios , Fatai Zhang | |
| I-D last updated | 2018-11-29 | |
| Completed reviews |
Rtgdir Last Call review of -12
by Dave Sinicrope
(diff)
Opsdir Last Call review of -12 by Tianran Zhou (diff) Secdir Last Call review of -12 by Vincent Roca (diff) Secdir Telechat review of -13 by Vincent Roca (diff) Genart Telechat review of -14 by Elwyn B. Davies (diff) |
|
| Assignment | Reviewer | Vincent Roca |
| State | Completed | |
| Request | Last Call review on draft-ietf-pce-gmpls-pcep-extensions by Security Area Directorate Assigned | |
| Reviewed revision | 12 (document currently at 16) | |
| Result | Has issues | |
| Completed | 2018-11-29 |
review-ietf-pce-gmpls-pcep-extensions-12-secdir-lc-roca-2018-11-29-00
Hello,
I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
Summary: Ready with issues
The Security Considerations section provides a good introduction to the risks.
However my main concern is the lack of discussion around security policies.
After reading this section, we have the feeling that TLS alone is sufficient to
secure the GMPLS PCE WRT the three attacks described.
With scenario 1, a fundamental part of the solution consists in setting
up security policies: what is acceptable or not in terms of path?
It may be discussed in the two references mentioned in the last paragraph,
but even in that case, the way the current section is written is misleading.
I have two additional comments:
** Ambiguous text: it is said
o Message deciphering: As in the previous case, knowledge of an
infrastructure can be obtained by sniffing PCEP messages.
Message deciphering suggests the message is encrypted but the attacker
has enough knowledge to decrypt it. I'm not sure it's what the authors mean.
I think there's a confusion in the use of "deciphering" which in security
explicitely refers to encryption (https://en.wikipedia.org/wiki/Cipher).
** Ambiguous text: it is said
"Authentication can provide origin verification, message integrity and
replay protection,..."
Àuthentication of the two peers on the one hand, and integrity/replay
protection on the other hand, are different services.
There's probably a package where these three services are bundled together,
but that's a design choice. I suggest changing a little bit the sentence
to avoid this confusion.
Typo:
** Section 6: "A legitimate PCC could requests" : s/requests/request/
Cheers,
Vincent