Hi Dan,

Thank you very much for your review and detailed comments. I really
appreciate your discussion and helpful suggestions.

I updated the document and addressed all your comments. This is reflected in
the 08 version just posted:
http://www.ietf.org/internet-drafts/draft-ietf-mpls-tp-security-framework-08.txt


We acknowledged your help in the document.

Please see in-line.

-----Original Message-----
From: <Romascanu>, "Dan   (Dan)" <[email protected]>
Date: Thursday, January 31, 2013 2:09 AM
To: "[email protected]" <[email protected]>
Cc: Luyuan Fang <[email protected]>, "[email protected]"
<[email protected]>, "[email protected]"
<[email protected]>, "[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
Nabil Bitar <[email protected]>, "[email protected]"
<[email protected]>, "[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>
Subject: Gen-ART Review of draft-ietf-mpls-tp-security-framework-07

>I am the assigned Gen-ART reviewer for this draft. For background on
>Gen-ART, please see the FAQ at
>
><http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
>Please resolve these comments along with any other Last Call comments you
>may receive.
>
>Document: draft-ietf-mpls-tp-security-framework-07
>Reviewer: Dan Romascanu
>Review Date: 1/31/13
>IETF LC End Date: 2/6/13
>IESG Telechat date: (if known)
>
>Summary: Ready with Issues
>
>This is a short, well-written and useful document that supplements RFC
>5920 with information on reference models, security threats and defense
>techniques specific to MPLS-TP. There is one major issue which I believe
>should be fixed and is not too difficult to fix if the authors agree.
>
>Major issues:
>
>One of the major features of extending MPLS in MPLS-TP is rightly
>identified in the words of the Abstract as the 'strong emphasis on static
>provisioning supported by network management systems'. However, Sections 3
>and 4 fail to describe accurately the threats introduced by provisioning
>tools and the defensive techniques that need to be put in place in order
>to address these threats.
>
>Section 3 speaks about 'attacks to NMS' but this is quite vague (what
>kind of attacks?) and incomplete, as it is not only the NMS that can be
>attacked but also the communication between the NMS and the routers that
>are being provisioned, as well as the access of the users to the
>provisioning tools. Threats like disclosure of information, masquerade
>(as NMS) or access of unauthorized users to the provisioning information
>and controls need to be clearly articulated here.

[luyuan] Good points. In Section 3, the following text is added (after the
paragraph that talks about "attacks to NMS"):


Attacks to NMS may come from external attackers or insiders. Outside
attacks are initiated outside of the trusted zone by unauthorized users of
the MPLS-TP network management systems. An insider attack is initiated from
inside of the trusted zone by an entity with authorized access to the
management systems that performs unapproved harmful functions on the
MPLS-TP networks. These attacks may be directly targeted at the NMS, or
via compromised communication channels between the NMS and the network
devices that are being provisioned, or through the access of users to
the provisioning tools. The security threats may include disclosure of
information, generating false OAM messages, taking down MPLS-TP LSPs,
connecting to the wrong MPLS-TP tunnel end points, and DoS attacks on the
MPLS-TP networks.


> 
>
>In Section 4 the corresponding defensive techniques need to be listed, or
>at least make clear that techniques like entity authentication for
>identity verification, encryption for confidentiality, message integrity
>and replay detection to ensure the validity of message streams, as well
>as user access control and event logging need to apply also to NMS
>applications and provisioning traffic.

[luyuan] Agreed. The following paragraph is added at the end of
Section 4, largely based on your suggestions.

It is important to point out the following security defense techniques,
which are particularly critical for NMS due to the strong emphasis on
static provisioning supported by NMS in MPLS-TP deployments. These
techniques include: entity authentication for identity verification,
encryption for confidentiality, message integrity and replay detection to
ensure the validity of message streams, as well as user access control
and event logging, which must be applied to NMS and provisioning
applications.
>
>Minor issues: 
>
>Nits/editorial comments:
>
>1. Several acronyms are not expanded at first occurrence: PE/T-PE, GAL

[luyuan] Fixed. We initially had a terminology section, but it was taken out
during the last call discussion. I added the section back with a new list
of terms that are relevant to this document.
>
>2. Inconsistent abbreviation: T-PE in the text, TPE in figures 2-5

[luyuan] Fixed.
>
>3. The first sentence in Section 3 seems broken grammatically:
>
>> This section discuss various network security threats which are to
>>   MPLS-TP and may endanger MPLS-TP networks.

[luyuan] Fixed.
New text: This section discusses various network security threats that are
unique to MPLS-TP and may endanger MPLS-TP networks.
>
>
Thanks,
Luyuan

_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art