[secdir] Rewiew of draft-ietf-bess-mvpn-bidir
Simon Josefsson <simon@josefsson.org> Thu, 19 March 2015 05:53 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 967651A893B; Wed, 18 Mar 2015 22:53:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QtXGH7yba2o3; Wed, 18 Mar 2015 22:53:55 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF1D81A007D; Wed, 18 Mar 2015 22:53:54 -0700 (PDT)
Received: from latte.josefsson.org ([217.31.163.140]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t2J5rlQC028753 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Thu, 19 Mar 2015 06:53:51 +0100
Date: Thu, 19 Mar 2015 06:53:41 +0100
From: Simon Josefsson <simon@josefsson.org>
To: secdir@ietf.org, draft-ietf-bess-mvpn-bidir.all@ietf.org
Message-ID: <20150319065341.3d7d3f5b@latte.josefsson.org>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; boundary="Sig_/bTt_OT3mxL_ZAT0zZPCus.Y"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.6 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/EP-EuOBrqAYTYK2bY4MIRWU6epA>
Subject: [secdir] Rewiew of draft-ietf-bess-mvpn-bidir
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2015 05:53:56 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document follows up on earlier RFCs and describe how to do multicast in BGP/MPLS IP VPN/tunnels, which were underspecified earlier. I believe the document is ready. Multicast in tunnels can have security considerations, but this RFC does not introduce the concept. It refers to earlier RFCs that introduce the concept and contain the security considerations. I don't feel that this RFC introduce particular important new concepts to warrant a more extensive security considerations. I have a general security caveat with all things in the MPLS/routing world: the specifications are large (hence slight delay of this review as it interfered with skiing) and are dense to read due to the large amount of acronyms used. This is a real challenge for anyone who wants to analyze security properties of the protocols or deployments. /Simon
- [secdir] Rewiew of draft-ietf-bess-mvpn-bidir Simon Josefsson