Dhruv,

On Wed, Sep 14, 2016 at 1:41 PM, Dhruv Dhody <[email protected]> wrote:

> Will add. Thanks for the text.

Now that you have feedback from at least one SEC AD, I wanted to add that I thought your text was very helpful (and even more helpful with Kathleen's addition, of course).

Thanks,

Spencer, who isn't speaking for Mirja, either, of course!

>
> Dhruv
>
>
> On Thursday 15 September 2016, Kathleen Moriarty <[email protected]> wrote:
>
>> Hello,
>>
>> Thanks for the quick response. inline.
>>
>> On Wed, Sep 14, 2016 at 1:57 PM, Dhruv Dhody <[email protected]> wrote:
>> > Hi Kathleen,
>> >
>> > Thanks for your review.
>> > I am posting the updated security consideration text (same as in the reply to Stephen), see inline.
>> >
>> >> -----Original Message-----
>> >> From: Pce [mailto:[email protected]] On Behalf Of Kathleen Moriarty
>> >> Sent: 14 September 2016 22:27
>> >> To: The IESG <[email protected]>
>> >> Cc: [email protected]; [email protected];
>> >> [email protected]
>> >> Subject: [Pce] Kathleen Moriarty's No Objection on
>> >> draft-ietf-pce-pcep-service-aware-12: (with COMMENT)
>> >>
>> >> Kathleen Moriarty has entered the following ballot position for
>> >> draft-ietf-pce-pcep-service-aware-12: No Objection
>> >>
>> >> When responding, please keep the subject line intact and reply to all email
>> >> addresses included in the To and CC lines. (Feel free to cut this introductory
>> >> paragraph, however.)
>> >>
>> >>
>> >> Please refer to
>> >> https://www.ietf.org/iesg/statement/discuss-criteria.html
>> >> for more information about IESG DISCUSS and COMMENT positions.
>> >>
>> >>
>> >> The document, along with other ballot positions, can be found here:
>> >> https://datatracker.ietf.org/doc/draft-ietf-pce-pcep-service-aware/
>> >>
>> >>
>> >>
>> >> ----------------------------------------------------------------------
>> >> COMMENT:
>> >> ----------------------------------------------------------------------
>> >>
>> >> The security sections of the referenced documents look very good. The one
>> >> thing I don't see mentioned is use of these metrics to perform network
>> >> reconnaissance to perform other attacks. I'm also interested to see the
>> >> responses to Stephen's questions.
>> >>
>> >> Thanks.
>> >
>> >
>> > [Dhruv] Updated security consideration section reads -
>> > OLD
>> > This document defines new METRIC types, a new BU object, and new OF
>> > codes which does not add any new security concerns beyond those
>> > discussed in [RFC5440] and [RFC5541] in itself. Some deployments may
>> > find the service aware information like delay and packet loss to be
>> > extra sensitive and thus should employ suitable PCEP security
>> > mechanisms like TCP-AO or [PCEPS].
>> > NEW
>> > This document defines new METRIC types, a new BU object, and new OF
>> > codes which does not add any new security concerns beyond those
>> > discussed in [RFC5440] and [RFC5541] in itself. Some deployments may
>> > find the service aware information like delay and packet loss to be
>> > extra sensitive and could be used to influence path computation and
>> > setup with adverse effect. Additionally snooping of PCEP messages
>> > with such data may give an attacker sensitive information about the
>> > operations of the network. Thus, such deployment should employ
>> > suitable PCEP security mechanisms like TCP Authentication Option
>> > (TCP-AO) [RFC5925] or [PCEPS]. The Transport Layer Security (TLS)
>> > based procedure in [PCEPS] is considered as a security enhancement
>> > and thus much better suited for the sensitive service aware
>> > information.
>>
>> This looks good for Stephen's comment, could you add in something
>> about reconnaissance as well? Maybe:
>>
>> current new:
>> Additionally snooping of PCEP messages
>> with such data may give an attacker sensitive information about the
>> operations of the network.
>>
>> proposed new:
>> Additionally snooping of PCEP messages
>> with such data, or using PCEP messages for network
>> reconnaissance, may give an attacker sensitive information about the
>> operations of the network.
>>
>> Thanks,
>> Kathleen
>>
>> >
>> >
>> > Let me know if you would like some change in wordings.
>> >
>> > Thanks!
>> > Dhruv
>> >
>> >>
>> >>
>> >> _______________________________________________
>> >> Pce mailing list
>> >> [email protected]
>> >> https://www.ietf.org/mailman/listinfo/pce
>> >>
>>
>> --
>>
>> Best regards,
>> Kathleen
>>
>
