Hi Kathleen,

Thanks for your review. 
I am posting the updated security consideration text (same as in the reply to 
Stephen), see inline. 

> -----Original Message-----
> From: Pce [mailto:[email protected]] On Behalf Of Kathleen Moriarty
> Sent: 14 September 2016 22:27
> To: The IESG <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]
> Subject: [Pce] Kathleen Moriarty's No Objection on
> draft-ietf-pce-pcep-service-aware-12: (with COMMENT)
> 
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-pce-pcep-service-aware-12: No Objection
> 
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
> 
> 
> Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-pcep-service-aware/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> The security sections of the referenced documents look very good.  The one
> thing I don't see mentioned is use of these metrics to perform network
> reconnaissance to perform other attacks.  I'm also interested to see the
> responses to Stephen's questions.
> 
> Thanks.


[Dhruv] Updated security consideration section reads - 
OLD
   This document defines new METRIC types, a new BU object, and new OF
   codes which does not add any new security concerns beyond those
   discussed in [RFC5440] and [RFC5541] in itself.  Some deployments may
   find the service aware information like delay and packet loss to be
   extra sensitive and thus should employ suitable PCEP security
   mechanisms like TCP-AO or [PCEPS].
NEW
   This document defines new METRIC types, a new BU object, and new OF
   codes which does not add any new security concerns beyond those
   discussed in [RFC5440] and [RFC5541] in itself.  Some deployments may
   find the service aware information like delay and packet loss to be
   extra sensitive and could be used to influence path computation and
   setup with adverse effect.  Additionally snooping of PCEP messages
   with such data may give an attacker sensitive information about the
   operations of the network.  Thus, such deployment should employ
   suitable PCEP security mechanisms like TCP Authentication Option
   (TCP-AO) [RFC5925] or [PCEPS].  The Transport Layer Security (TLS)
   based procedure in [PCEPS] is considered as a security enhancement
   and thus much better suited for the sensitive service aware
   information.
 

Let me know if you would like any changes to the wording.

Thanks! 
Dhruv

> 
> 
> _______________________________________________
> Pce mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/pce
