Last Call Review of draft-ietf-tsvwg-diffserv-intercon-09
review-ietf-tsvwg-diffserv-intercon-09-secdir-lc-kaduk-2016-09-15-00

Request Review of draft-ietf-tsvwg-diffserv-intercon
Requested rev. no specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-09-08
Requested 2016-09-01
Draft last updated 2016-09-15
Completed reviews Genart Last Call review of -08 by Brian Carpenter (diff)
Genart Last Call review of -12 by Brian Carpenter (diff)
Secdir Last Call review of -09 by Benjamin Kaduk (diff)
Rtgdir Early review of -09 by Lou Berger (diff)
Assignment Reviewer Benjamin Kaduk
State Completed
Review review-ietf-tsvwg-diffserv-intercon-09-secdir-lc-kaduk-2016-09-15
Reviewed rev. 09 (document currently at 14)
Review result Ready
Review completed: 2016-09-15

Review
review-ietf-tsvwg-diffserv-intercon-09-secdir-lc-kaduk-2016-09-15

[re-sending with proper recipients list; sorry for the duplicate]

Hi all,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft is Ready.

I had to do some background reading (RFC 2475, mostly, and skimming some
other references) to really understand what's going on here; I'll probably
use some wrong terminology as a result. This draft describes a standard
set of 4 Treatment Aggregates that can be used by MPLS networks using the
Short-Pipe tunnel mode to preserve IP Differentiated Service code point
markings and the corresponding per-hop behaviors as traffic traverses the
network boundary.  DSCP translation is expected to be done both at entry
and exit from the network (as applicable; not all traffic is through
traffic, of course) betwen the standard DSCPs and network-internal DSCPs
used to apply PHBs, but the benfit of this scheme is the standardized
interface, much as how it is easier for a user to accept a two-clause BSD
software license that is well-known than it is for that user to accept a
software EULA that was custom written by a company's lawyers.  Otherwise,
everything described in this document could be done already by two peered
networks that negotiate an SLA.  With this document, they still must
negotiate an SLA, but there are standard terms to simplify the process.

The security considerations accordingly note (correctly) that this
document does not introduce new features; rather, it describes how to use
existing ones.  It refers to the security considerations in RFCs 2475 and
4594, which seem to be complete, noting that differentiated services
introduce the possibility of fasely marked/prioritized traffic and the
potential for denial of service.  Only calling out IPsec as the example is
a bit dated, but the general principles still seem fine -- the physical
network has to be protected and traffic sanitized on entry.

However, I do think it's worth giving a little bit of new thought to the
potential privacy considerations -- a new way of marking traffic, in
abstract, has the potential to leak classification information about the
traffic in question (e.g., is this IP address doing telephony?).  That
said, the classification added by this document is something that could be
done by any party with access to the raw network traffic, so I don't think
there are actually any new considerations in play; it's just something to
keep in mind.


A few editorial comments follow:

Please expand PHBs in the abstract, not just in the introduction

Introduction, first paragraph, space between ')' and 'and'.
Just a few words later, is it clearer to s/at/for use at/?

Top of page 3, last sentence of first paragraph ("This draft assumes that
latter approach by defining additional DSCPs that are known and expected
at network interconnection interfaces.") -- I think maybe "subsumes" is a
better verb than "assumes", as it is true that unknown/unexpected DSCPs
are remarked to zero, but there is additional functionality in the
known/expected DSCPs that are preserved.

Across the page 3/page 4 boundary, the part after the semicolon is a
sentence fragment ... I can't even tell what it's trying to say.  Maybe,
"remarking to zero is performed in the absence of [...]" (but put a comma
before "for").

Section 1.1, first paragraph, is this work really intended to *complement*
RFC 5160?  It seems to me that rather it is building upon 5160, or
implementing its suggestions, or something like that.

Section 4, Telephony Service Treatment Aggregate, it looks like the
convention would have the DSCP be formatted as "101 100" with a space.

-Ben