[secdir] Review of draft-ietf-cdni-requirements-13

Shawn M Emery <shawn.emery@oracle.com> Sat, 30 November 2013 17:27 UTC


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational internet-draft describes the requirements to integrate
multiple Content Delivery Networks (CDNs) for Content Service Providers (CSPs)
so that end users have a single point of access for content.

The security considerations section does exist and refers to a separate section
for the discussion on security requirements.  This section gives requirements
priorities from high to low on the various types of attacks.  The high level
priorities are for authentication, confidentiality, integrity protection,
protection against replay, spoofing, and DoS attacks.  Since it is a requirements
specification there is purposefully no discussion on how to mitigate against such

General comments:


Editorial comments: