Re: [secdir] Review of draft-ietf-ccamp-gmpls-mln-extensions-11

Adrian Farrel <Adrian.Farrel@huawei.com> Wed, 03 March 2010 13:50 UTC

Thanks Shawn!

Nit entered as RFC Editor note.

Cheers,
Adrian
----- Original Message ----- 
From: "Shawn M Emery" <Shawn.Emery@Sun.COM>
To: <secdir@ietf.org>
Cc: <draft-ietf-ccamp-gmpls-mln-extensions.all@tools.ietf.org>; <iesg@ietf.org>
Sent: Wednesday, March 03, 2010 6:57 AM
Subject: Review of draft-ietf-ccamp-gmpls-mln-extensions-11


>
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the IESG. 
> These comments were written primarily for the benefit of the security area 
> directors. Document editors and WG chairs should treat these comments just 
> like any other last call comments.
>
> This draft describes protocol extensions for interfacing with Generalized 
> Multi Protocol Label Switching (GMPLS) Multi-Layer/Multi-Region Networks.
>
> The security considerations section does exist and references 
> draft-ietf-mpls-mpls-and-gmpls-security-framework for the various attacks 
> and their possible solutions regarding MPLS/GMPLS.  The section then 
> discloses that a call controller should not be reachable from an external 
> Traffic Engineering domain.  It then discusses that, in order to prevent MITM 
> attacks, IKE MUST be used between edge nodes and terminating calls. 
> After reading this draft and the security-framework draft it seems that 
> they cover the threat models sufficiently.
>
> General comments:
>
> None.
>
> Editorial comments:
>
> Introduction:
>
> PSC and L2SC are expanded, therefore:
> s/TDM/Time-Division Multiplexing (TDM)/
>
> - -
> Shawn.
>