[secdir] Secdir review of draft-ietf-pals-ms-pw-protection-03

Vincent Roca <vincent.roca@inria.fr> Thu, 22 October 2015 12:17 UTC

To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-pals-ms-pw-protection@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/2SVM-NaCRvW-X3G8FdPMd2xqays>

Hello,

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.


IMHO, the document is ready.

This document refers to RFC 6478 and other RFCs for the security considerations.
Given that no new mechanism is defined this seems reasonable.


Additional comments:

- Introduction: the PSN acronym is not expanded nor introduced.

- Fig. 1 refers to T-PE1 and T-PE2, while the corresponding description mentions PE1 and PE2:
	« In this figure, CE1 is connected to PE1 and CE2 is connected to PE2. »

- typo, p.4: s/describes/describe in:
	« Sections 6 <file:///Users/roca/Desktop/draft-ietf-pals-ms-pw-protection-03.html#section-6> and 7 <file:///Users/roca/Desktop/draft-ietf-pals-ms-pw-protection-03.html#section-7> of RFC 6870 <https://tools.ietf.org/html/rfc6870> describes… »
  Also the references to section 6 and 7 point to the current I-D rather than sections 6 and 7 of RFC 6870.

Cheers,


  Vincent