Re: [secdir] Review of draft-ietf-ccamp-gmpls-mln-extensions-11
Adrian Farrel <Adrian.Farrel@huawei.com> Wed, 03 March 2010 13:50 UTC
Return-Path: <Adrian.Farrel@huawei.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C2BA128C37F; Wed, 3 Mar 2010 05:50:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8fXyw3EfCz5; Wed, 3 Mar 2010 05:50:00 -0800 (PST)
Received: from usaga01-in.huawei.com (usaga01-in.huawei.com [206.16.17.211]) by core3.amsl.com (Postfix) with ESMTP id 126C53A8DD4; Wed, 3 Mar 2010 05:50:00 -0800 (PST)
Received: from huawei.com (usaga01-in [172.18.4.6]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0KYP00CMDL3DS0@usaga01-in.huawei.com>; Wed, 03 Mar 2010 05:50:01 -0800 (PST)
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) by usaga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0KYP00M2NL39Q6@usaga01-in.huawei.com>; Wed, 03 Mar 2010 05:50:00 -0800 (PST)
Date: Wed, 03 Mar 2010 13:45:16 +0000
From: Adrian Farrel <Adrian.Farrel@huawei.com>
To: Shawn M Emery <Shawn.Emery@Sun.COM>, secdir@ietf.org
Message-id: <9108E055D0054EAB87380398B99442D4@your029b8cecfe>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
Content-type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: <4B8E085A.2060500@sun.com>
Cc: draft-ietf-ccamp-gmpls-mln-extensions.all@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] Review of draft-ietf-ccamp-gmpls-mln-extensions-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Adrian Farrel <Adrian.Farrel@huawei.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2010 13:50:00 -0000
Thanks Shawn! Nit entered as RFC Editor note. Cheers, Adrian ----- Original Message ----- From: "Shawn M Emery" <Shawn.Emery@Sun.COM> To: <secdir@ietf.org> Cc: <draft-ietf-ccamp-gmpls-mln-extensions.all@tools.ietf.org>; <iesg@ietf.org> Sent: Wednesday, March 03, 2010 6:57 AM Subject: Review of draft-ietf-ccamp-gmpls-mln-extensions-11 > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments just > like any other last call comments. > > This draft describes protocol extensions for interfacing with Generalized > Multi Protocol Label Switching (GMPLS) Multi-Layer/Multi-Region Networks. > > The security considerations section does exist and references > draft-ietf-mpls-mpls-and-gmpls-security-framework for the various attacks > and their possible solutions regarding MPLS/GMPLS. The section then > discloses that a call controller should not be reachable from an external > Traffic Engineering domain. Then discusses that in order to prevent MITM > attacks that IKE MUST be used between edge nodes and terminating calls. > After reading this draft and the security-framework draft it seems that > they cover the threat models sufficiently. > > General comments: > > None. > > Editorial comments: > > Introduction: > > PSC and L2SC are expanded, therefore: > s/TDM/Time-Division Multiplexing (TDM)/ > > - - > Shawn. >
- [secdir] Review of draft-ietf-ccamp-gmpls-mln-ext… Shawn M Emery
- Re: [secdir] Review of draft-ietf-ccamp-gmpls-mln… Adrian Farrel