[secdir] SecDir review of draft-ietf-pce-gmpls-aps-req-08

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 16 June 2013 20:10 UTC

To: IETF Security Directorate <secdir@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-pce-gmpls-aps-req.all@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

This document defines additional GMPLS-specific requirements on the PCE 
architecture.

It would be an understatement to characterize this reviewer as a 
non-expert on PCE and GMPLS. That being said, I believe the Security 
Considerations are correct in saying that this document does not add any 
additional security issues on top of PCE.

I would recommend adding a pointer to where such considerations are in 
fact listed, e.g. Sec. 10 of RFC 5440. Though security folks will cringe 
at TCP-MD5 being described as the most practical security solution in 
that section.

Thanks,
	Yaron