[secdir] Secdir review of draft-ietf-sfc-control-plane-02

Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 03 December 2015 15:21 UTC

To: secdir@ietf.org, iesg@ietf.org, draft-ietf-sfc-control-plane.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/A3qdEnZPiraiuDDvLG1FdcneMR0>

A Service Function Chain is a chain of different services (firewalls, load balancers, etc.) that are stitched together to provide a coordinated service.
This document describes requirements for conveying information between Service Function Chaining (SFC) control elements and SFC function elements,
and identifies a set of interfaces to interact with SFC-aware elements to establish, maintain or recover service function chains.  However, recommendations
and specifications of specific protocols are explicitly out of scope.

The Security Considerations section of this document identifies the various security threats and requirements.  It is very well thought out and comprehensive.
It stops short of recommending any particular techniques (except in the very broad sense, e.g. authentication), but this is very much in the spirit of the
rest of the document, whose purpose is to identify requirements rather than to recommend specific solutions.

I consider this document READY.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil