
draft-ietf-ipo-framework



Mumble.  They did the minimum to respond to my comments
from last time.  Not to put too fine a point on it, they
mostly took my text and incorporated it, without (as best
I can tell) even thinking about the issue.  For example, I said:

        There's another
        possible denial of service attack that might be worth thinking
        about:  could requests for improbable paths (i.e., paths for
        which the network wasn't heavily provisioned) consume all of
        the ports on internal OXCs?  If so, global co-ordination of
        service requests might be needed.

The I-D says this:

   Optical networks may also be subject to subtle forms of denial of 
   service attacks. An example of this would be requests for optical
   connections with explicit routes that induce a high degree of 
   blocking for subsequent requests. This aspect might require some 
   global coordination of resource allocation.  
    
Are there further implications?

I also noted this:

        Optical routing is strictly more dangerous than IP routing,
        since attacks on the former show up via traceroute and the
        like.  But optical elements are invisible (so to speak)
        to IP nodes.  Thus, the output of RPSEC should be considered
        in eventual protocols.

I see no new text that addresses this point.

I'm not sure it's worth holding the document up yet again just for 
these, but if it's going back, I'd sure like some more work on security.
As I said, mumble.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)