
RE: Internal WG Review: Recharter of Next Steps in Signaling (nsis)



Hi James,

> In general, this charter looks good, but I've got one question about
> the security section. In IAB discussions with Ran Atkinson last fall,
> it came up that one inhibitor for end-to-end Diffserv is that it opens
> a potential DoS attack pathway on the receiving network, in that the
> attacker can label packets as EF and thereby enhance the effectiveness
> of the attack (and potentially overwhelm the EF forwarding capacity of
> the routers). According to Ran, this is a major barrier to QoS
> deployment among ISPs.
> 
> Would it be possible to insert some text into the security section
> that specifically mentions security as a barrier to deployment,
> something like:
> 
>     Security is a very important concern for NSIS. The working group will
>     study and analyze the threats and security requirements for signaling,
>     particularly using threats that are currently acting as barriers to deployment of
>     QoS as examples. Compatibility with authentication and authorization mechanisms
>     such as those of Diameter, COPS-PR, and RSVP-PR auth-session, will be
>     addressed.
> 
> Or would this be skewing the charter too much in the direction of the
> particular QoS application of NSIS?

It is somewhat too QoS specific, in my opinion.  I am generally of the opinion
that there are many things in networks today, like middleboxes (NATs, firewalls, etc), 
which greatly degrade service, which need signaling - so I view these as yet another
part of the QoS puzzle.  These boxes have very strong security & AA needs, so
I'd like to avoid QoS specific text in the charter, as much as is practical.

However, on a positive note, we already have 2 working group documents addressing
security:

http://www.ietf.org/internet-drafts/draft-ietf-nsis-threats-01.txt
http://www.ietf.org/internet-drafts/draft-ietf-nsis-rsvp-sec-properties-01.txt

as well as an individual draft (which I still am trying to figure out what
to do with) which addresses AAA:

http://www.ietf.org/internet-drafts/draft-ietf-nsis-rsvp-sec-properties-01.txt

However, if you have good suggestions on language in the proposed charter
to ensure that the WG is clear on this point, I'd be very happy to try
to incorporate it.

thanks,
John