[secdir] Secdir review of draft-ietf-bess-ir

Magnus Nyström <magnusn@gmail.com> Wed, 03 August 2016 05:37 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2C9712D967; Tue, 2 Aug 2016 22:37:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RS9k2KRFRw7N; Tue, 2 Aug 2016 22:37:53 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FB3412B020; Tue, 2 Aug 2016 22:37:53 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id r9so218590547ywg.0; Tue, 02 Aug 2016 22:37:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=Tyxv91Wk0pYu81hza6o9xeTRvWL2yEwBFcyLj8VxCzw=; b=m1ZdjlZfiQ9FlfUW457x7Ug/phTbVS0wHvFBPjaoh8iIxJ8vDfWMZIZwPJTM6HHEBP cYA48hd8vUrrPmMaNDdO6DON/PAZMM3Pkzc5nBvj3Wgdyeg3PL2nNXB3BLBc111uVgVg meDRrg/zzZZRLmNZW+dBs8Cr2cn+bOSLalDirL5Ak0Lo0OkCpxCLBRer+CChpeVv7Z9N vvLd4L4rwD9VlLFpS4J+xsTHlFz0hZIJpk+EgopW1PPFwjj1bORaYodKO/zdaNeYUAxe 7Fby4enXeEAxPi3qpT04g97v76VXuNJS31pR5d4i08kwIPKGGYtX14UrZrygq135puHw qcDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Tyxv91Wk0pYu81hza6o9xeTRvWL2yEwBFcyLj8VxCzw=; b=hnqPKASJ4pykwo/tjB4Lqrdsnenj9n4PCe0GduYac1OJ/vhG/7GEKbZVAgteMeUT8d 3ii/st9zDLZJwHe+VclLsjo5LCburf/JIpGHCN2UiJuV56DYLUXBuAjGPCRcL+2NmgAX QN2h9GjCx9YIW6IvLHKK2zTEYV7O528snOPxIfp/uyoeYg3hHf1PCtzXYbU96wYkGTYO tWz5y5c4Hrzpzx1vEQf9daOEvUIptZ1w3svkZrkaFVEB3IiKBPgjiZJ8dFjUAjVnD+Ra KQ4Uyg1IKs7gFD5qVPOoCK3ge+IvTU+Dazm4iVrn3AIxly/6TmL1DO6X+MMRaoqSFSJU ddNQ==
X-Gm-Message-State: AEkoouus0i7tpOfB5TSbPRyO/YO1aBw0GmRTRPqfxn62Tkv7DLVlGmfGVD/1zCFU1b0radRgHjjjt5X88OV5XA==
X-Received: by 10.37.109.86 with SMTP id i83mr4179905ybc.123.1470202672600; Tue, 02 Aug 2016 22:37:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.192.208 with HTTP; Tue, 2 Aug 2016 22:37:52 -0700 (PDT)
From: Magnus Nyström <magnusn@gmail.com>
Date: Tue, 02 Aug 2016 22:37:52 -0700
Message-ID: <CADajj4bnpw3qhcaFJnH7VoxDe_eUoT8X=6gmEUqCVCx-EEcRXw@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-bess-ir@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/2ZqEnDwDdAnt-zYj4AUKAeC5DtM>
Subject: [secdir] Secdir review of draft-ietf-bess-ir
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2016 05:37:55 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes the establishment and use of so-called
"ingress replication tunnels" in connection with multicast VPNs. As
such, the document, as I read it, merely provides further details on
the procedures already defined in RFC 6513 and RFC 6514.
Correspondingly, I would agree with the assertion in the Security
Considerations section that the Security Considerations sections in
those RFCs still apply.

-- Magnus