Will add. Thanks for the text.

Dhruv

On Thursday 15 September 2016, Kathleen Moriarty <[email protected]> wrote:

> Hello,
>
> Thanks for the quick response. Inline.
>
> On Wed, Sep 14, 2016 at 1:57 PM, Dhruv Dhody <[email protected]> wrote:
> > Hi Kathleen,
> >
> > Thanks for your review.
> > I am posting the updated security consideration text (same as in the reply to Stephen), see inline.
> >
> >> -----Original Message-----
> >> From: Pce [mailto:[email protected]] On Behalf Of Kathleen Moriarty
> >> Sent: 14 September 2016 22:27
> >> To: The IESG <[email protected]>
> >> Cc: [email protected]; [email protected];
> >> [email protected]
> >> Subject: [Pce] Kathleen Moriarty's No Objection on
> >> draft-ietf-pce-pcep-service-aware-12: (with COMMENT)
> >>
> >> Kathleen Moriarty has entered the following ballot position for
> >> draft-ietf-pce-pcep-service-aware-12: No Objection
> >>
> >> When responding, please keep the subject line intact and reply to all email
> >> addresses included in the To and CC lines. (Feel free to cut this introductory
> >> paragraph, however.)
> >>
> >> Please refer to
> >> https://www.ietf.org/iesg/statement/discuss-criteria.html
> >> for more information about IESG DISCUSS and COMMENT positions.
> >>
> >> The document, along with other ballot positions, can be found here:
> >> https://datatracker.ietf.org/doc/draft-ietf-pce-pcep-service-aware/
> >>
> >> ----------------------------------------------------------------------
> >> COMMENT:
> >> ----------------------------------------------------------------------
> >>
> >> The security sections of the referenced documents look very good. The one
> >> thing I don't see mentioned is use of these metrics to perform network
> >> reconnaissance to perform other attacks. I'm also interested to see the
> >> responses to Stephen's questions.
> >>
> >> Thanks.
> >
> > [Dhruv] Updated security consideration section reads -
> >
> > OLD
> > This document defines new METRIC types, a new BU object, and new OF
> > codes which does not add any new security concerns beyond those
> > discussed in [RFC5440] and [RFC5541] in itself. Some deployments may
> > find the service aware information like delay and packet loss to be
> > extra sensitive and thus should employ suitable PCEP security
> > mechanisms like TCP-AO or [PCEPS].
> >
> > NEW
> > This document defines new METRIC types, a new BU object, and new OF
> > codes which does not add any new security concerns beyond those
> > discussed in [RFC5440] and [RFC5541] in itself. Some deployments may
> > find the service aware information like delay and packet loss to be
> > extra sensitive and could be used to influence path computation and
> > setup with adverse effect. Additionally snooping of PCEP messages
> > with such data may give an attacker sensitive information about the
> > operations of the network. Thus, such deployment should employ
> > suitable PCEP security mechanisms like TCP Authentication Option
> > (TCP-AO) [RFC5925] or [PCEPS]. The Transport Layer Security (TLS)
> > based procedure in [PCEPS] is considered as a security enhancement
> > and thus much better suited for the sensitive service aware
> > information.
>
> This looks good for Stephen's comment, could you add in something
> about reconnaissance as well? Maybe:
>
> current new:
> Additionally snooping of PCEP messages
> with such data may give an attacker sensitive information about the
> operations of the network.
>
> proposed new:
> Additionally snooping of PCEP messages
> with such data, or using PCEP messages for network
> reconnaissance, may give an attacker sensitive information about the
> operations of the network.
>
> Thanks,
> Kathleen
>
> > Let me know if you would like some change in wordings.
> >
> > Thanks!
> > Dhruv
> >
> >> _______________________________________________
> >> Pce mailing list
> >> [email protected]
> >> https://www.ietf.org/mailman/listinfo/pce
>
> --
>
> Best regards,
> Kathleen

_______________________________________________
Pce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/pce
