[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-ccamp-rsvp-restart-ext-06

To: "Derek Atkins" <derek@ihtfp.com>, <ccamp@ops.ietf.org>
Subject: Re: draft-ietf-ccamp-rsvp-restart-ext-06
From: "Adrian Farrel" <adrian@olddog.co.uk>
Date: Sat, 13 Jan 2007 11:39:21 -0000
Cc: <ccamp-chairs@tools.ietf.org>, <asatyana@cisco.com>, <rrahman@cisco.com>, <lberger@labn.net>, <dimitri.papadimitriou@alcatel.be>, <ancaz@cisco.com>, <jisrar@cisco.com>, <iesg@ietf.org>, <secdir@MIT.EDU>
Organization: Old Dog Consulting
References: <sjmac0n26no.fsf@cliodev.pgp.com>
Reply-to: "Adrian Farrel" <adrian@olddog.co.uk>

Hi Derek,

I think this is a good question so I am bringing it to the CCAMP list.

The bottom line would appear to be:
- The exchange between neighbors before restart was
  secured by normal RSVP-TE means
- The exchange after restart is secured by the same means.
- This provides a degree of protection that the restarting
  node is receiving information that it originally sent to
  its neighbor.

The obvious question is, should the restarting node have some (private) wayof authenticating that the information received on restart originated withit? This would presumably be some sort of cookie manufactured from a mock-upof the restart message that the restarting node expects to receive andhanded to the neighbor for use in the event of a restart.


Seems like overkill to me, but I'd appreciate views from the WG.

Adrian

----- Original Message -----From: "Derek Atkins" <derek@ihtfp.com>

To: <iesg@ietf.org>; <secdir@MIT.EDU>

Cc: <ccamp-chairs@tools.ietf.org>; <asatyana@cisco.com>;<rrahman@cisco.com>; <lberger@labn.net>; <dimitri.papadimitriou@alcatel.be>;<ancaz@cisco.com>; <jisrar@cisco.com>

Sent: Friday, January 12, 2007 10:59 PM
Subject: draft-ietf-ccamp-rsvp-restart-ext-06

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I don't see any issues in this document beyond those already stated
in the Security Considerations.

My only question to the authors would be how does a recovering node
verify that the data it gets from a peer node really came from the
recovering node?  Right now it just seems to have to trust that the
peer returns valid data.

-derek
--
      Derek Atkins                 617-623-3745
      derek@ihtfp.com             www.ihtfp.com
      Computer and Internet Security Consultant

Prev by Date: Re: [mpls] Re: CCAMP Last call on draft-deoliveira-diff-te-preemption-06.txt
Next by Date: Re: Progressing the three inter-domain I-Ds
Previous by thread: Re: [mpls] Re: CCAMP Last call on draft-deoliveira-diff-te-preemption-06.txt
Next by thread: Re: draft-ietf-ccamp-rsvp-restart-ext-06
Index(es):
- Date
- Thread