ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

re: secdir review of draft-ietf-dime-priority-avps-04

2011-07-26 05:42:07
from [carlberg] [Permanent Link] 
Hi Steve,

Thanks for the review.

<snip>


This standards track document defines Diameter AVPs that can be
used to convey a variety of priority parameters. While the Security
Considerations section of this document properly requires that
implementers review the Security Considerations section in the
Diameter protocol specification and consider the issues described
there, it does not include any analysis of the specific security
issues related to priority systems. The authors should review other
Security Considerations sections relating to priority systems
(e.g. the one in RFC 4412) and add text that describes the
special security issues that arise with priority systems and
the countermeasures that may be employed.
You raise an interesting issue and we actually had a discussion about this on the DIME list <http://www.ietf.org/mail-archive/web/dime/current/msg04773.html>
And just for the sake of completeness, here is the security considerations text of the dime-priority-avps draft in question: 

   This document describes the extension of Diameter for conveying Quality
   of Service information.  The security considerations of the Diameter
   protocol itself have been discussed in [I-D.ietf-dime-rfc3588bis].  Use
   of the AVPs defined in this document MUST take into consideration the
   security issues and requirements of the Diameter base protocol.

   The authors also recommend that readers should familiarize themselves
   with the security considerations of the various protocols listed in
   the Normative References listed below.
In a nutshell, the authors and the chair disagreed with the need for extending the security considerations to include an analysis with other protocols (eg, rfc-4412) because these protocols operate outside of the DIAMETER protocol. The dime-priority-avps draft is an extension of I-D.ietf-dime-rfc3588bis, and thus is subject to the same security considerations to the bis draft. And its also important to keep in mind that the dime-priority-avps draft does not inject prioritization into the exchange of DIAMETER messages. It simply defines AVPs that correlate to some priority fields of other protocols.
If it was the last sentence (above) in the dime-priority-avps security considerations that has triggered your comment about further analysis, then I'd prefer just removing that text. 

cheers,

-ken


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: draft-ietf-v6ops-6to4-to-historic (yet again), Philip Homburg
Next by Date:  RE: secdir review of draft-ietf-dime-priority-avps-04, Stephen Hanna
Previous by Thread:  Secdir review of draft-ietf-dime-priority-avps-04, Stephen Hanna
Next by Thread:  RE: secdir review of draft-ietf-dime-priority-avps-04, Stephen Hanna
Indexes:  [Date] [Thread] [Top] [All Lists]