ietf
[Top] [All Lists]

secdir review of draft-ietf-tsvwg-ecn-mpls-02.txt

2007-10-18 19:56:53
This is a review of draft-ietf-tsvwg-ecn-mpls-02.txt.

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I am not very familiar with MPLS or Diffserv, but I did read some of
the cited MPLS and ECN references in order to understand this
document.

I mostly agree with the claim in the Security Considerations that this
proposal introduces no additional vulnerabilities.  However, although
this document indicates that using a RFC3540 ECN nonce to detect
misbehaving receivers continues to work under this proposal, a RFC3540
nonce can also be used to detect disruption of the end-to-end
continuity of ECN signaling.  This proposal can compromise the
detection of disruptions of end-to-end ECN signaling continuity which
occur within a given MPLS domain.  I lack the context to determine
whether this is a serious problem.

The procedure described in RFC3540 relies on the existence of two
distinct ECT indications to convey a single bit's worth of nonce data
to the receiving transport endpoint.  This proposal functionally uses
only a single bit to indicate a CM state.  If a malicious or
malfunctioning element within the MPLS domain clears a CM state set by
some LSR, the egress LSR will not set the CE state in the
unencapsulated IP packet.  Consequently, the receiving transport
endpoint acts as if the packet did not have a CE state marked at all,
and the sending transport endpoint receives no indication that a
problem exists with end-to-end ECN signaling.

In effect, the MPLS domain behaves as a single black box router from
the perspective of RFC3540, masking any ECN signaling anomalies
internal to the MPLS domain.  This may be an acceptable consequence of
this proposal, but it would be useful to know whether this consequence
has been considered.

---Tom

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>