Re: [secdir] secdir review of draft-ietf-ccamp-gmpls-ethernet-arch-07
Lou Berger <lberger@labn.net> Fri, 18 December 2009 12:24 UTC
Return-Path: <lberger@labn.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 896B43A6A36 for <secdir@core3.amsl.com>; Fri, 18 Dec 2009 04:24:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aCpEaCkBsrCM for <secdir@core3.amsl.com>; Fri, 18 Dec 2009 04:24:08 -0800 (PST)
Received: from outbound-mail-121.bluehost.com (outbound-mail-121.bluehost.com [67.222.38.21]) by core3.amsl.com (Postfix) with SMTP id 5B9603A6A1C for <secdir@ietf.org>; Fri, 18 Dec 2009 04:24:08 -0800 (PST)
Received: (qmail 18788 invoked by uid 0); 18 Dec 2009 12:17:14 -0000
Received: from unknown (HELO box313.bluehost.com) (69.89.31.113) by outboundproxy4.bluehost.com with SMTP; 18 Dec 2009 12:17:14 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=labn.net; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=ua2oS/fW7o5tdhSmu0ZGngOLIGvjcVKZzKsFo6WfzJhyLdXvsEmq6hvBjwedbcwjK7IeeqijYeRscI4K2BXAKloGUIvJer88MatwUWUO7yfwgggPUuvKU0mHxWy7hO2k;
Received: from box313.bluehost.com ([69.89.31.113] helo=[127.0.0.1]) by box313.bluehost.com with esmtpa (Exim 4.69) (envelope-from <lberger@labn.net>) id 1NLbli-0007lI-7v; Fri, 18 Dec 2009 05:17:14 -0700
Message-ID: <4B2B7316.4000103@labn.net>
Date: Fri, 18 Dec 2009 07:18:30 -0500
From: Lou Berger <lberger@labn.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090902 Eudora/3.0b3
MIME-Version: 1.0
To: David McGrew <mcgrew@cisco.com>
References: <86FD1A1E-AE10-4FAB-83D6-BC5042211490@cisco.com>
In-Reply-To: <86FD1A1E-AE10-4FAB-83D6-BC5042211490@cisco.com>
X-Enigmail-Version: 0.96a
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {1038:box313.bluehost.com:labnmobi:labn.net} {sentby:smtp auth 69.89.31.113 authed with lberger@labn.net}
Cc: loa.andersson@ericsson.com, donald.fedyk@alcatel-lucent.com, IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-ccamp-gmpls-ethernet-arch-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 12:24:08 -0000
Thank you for the comments! On 12/17/2009 6:54 PM, David McGrew wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > Section 9, Security Considerations. > "The architecture for GMPLS controlled "transport" Ethernet assumes > that the network consists of trusted devices" I believe what is > meant is "The architecture for GMPLS controlled "transport" Ethernet > assumes that the GMPLS core network consists of trusted devices". > This is fairly vague, and it would be useful to use the terms from > draft-ietf-mpls-mpls-and-gmpls-security-framework-07, and say > something like "A GMPLS controlled "transport" Ethernet system should > assume that users and devices attached to UNIs may behave maliciously, > negligently, or incorrectly. Providers are trusted to not be > malicious." > The document refers the reader to draft-ietf-mpls-mpls-and-gmpls- > security-framework-07 for most security considerations, which is a > fair thing to do. > draft-ietf-mpls-mpls-and-gmpls-security-framework-07 recommends > encryption, so I suggest adding a reference to IEEE 802.1AE Media > Access Control (MAC) Security, like this: "Cryptography can be used to > protect against many attacks described in [draft-ietf-mpls-mpls-and- > gmpls-security-framework-07]. One option for protecting "transport" > Ethernet is the use of 802.1AE Media Access Control Security, which > provides encryption and authentication." > Nit: Section 1. "SONET/SDH TDM" needs a comma > regards, > David > > >
- [secdir] secdir review of draft-ietf-ccamp-gmpls-… David McGrew
- Re: [secdir] secdir review of draft-ietf-ccamp-gm… Lou Berger