[secdir] SecDir review of draft-ietf-ospf-af-alt-08

"Laganier, Julien" <julienl@qualcomm.com> Wed, 21 October 2009 01:08 UTC

From: "Laganier, Julien" <julienl@qualcomm.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ospf-af-alt@tools.ietf.org" <draft-ietf-ospf-af-alt@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "ospf-chairs@tools.ietf.org" <ospf-chairs@tools.ietf.org>, "ospf-ads@tools.ietf.org" <ospf-ads@tools.ietf.org>
Date: Tue, 20 Oct 2009 18:07:09 -0700

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies a mechanism for supporting multiple address families (e.g., multicast IPv6, unicast IPv4, and multicast IPv4) in OSPFv3 using multiple instances of the protocol. An address family is mapped to an OSPFv3 instance via the Instance ID field included in the OSPFv3 header.

The security considerations section seems adequate in pointing to existing OSPFv3 specifications since this extension does not seem to introduce additional security issues compared to that of basic OSPFv3, and the fact that the multiple instances supporting different address families will have to share the same IPsec SAs when IPsec is used to protect OSPFv3 (due to the absence of a traffic selector operating on the Instance ID field of the OSPFv3 header) is acknowledged.

Small typo in the sec-cons: s/IPsec [IPsec]. can/IPsec [IPsec] can/

--julien
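
The SA-sharing point in the review above, as an added example that is not part of the original message or of the draft: two OSPFv3 headers that differ only in Instance ID map to different address families yet present the same values to an IPsec traffic selector. The header layout follows RFC 5340 and the Instance ID ranges are those assigned in RFC 5838 (the published form of this draft); the addresses, Router ID and function names are constructed for illustration.

```python
import struct
from typing import NamedTuple

OSPF_PROTO = 89               # IP protocol / IPv6 next-header value for OSPF
HDR_FMT = "!BBHIIHBB"         # RFC 5340 A.3.1: 16-byte OSPFv3 packet header

# Instance ID ranges per address family (RFC 5838; not stated in the message above)
AF_RANGES = [(0, 31, "IPv6 unicast"), (32, 63, "IPv6 multicast"),
             (64, 95, "IPv4 unicast"), (96, 127, "IPv4 multicast")]

class Ospfv3Header(NamedTuple):
    version: int
    type: int
    length: int
    router_id: int
    area_id: int
    checksum: int
    instance_id: int

def build_header(instance_id: int, router_id: int = 0x0A000001) -> bytes:
    """Constructed sample: bare header, type 1 (Hello), area 0, checksum 0."""
    return struct.pack(HDR_FMT, 3, 1, 16, router_id, 0, 0, instance_id, 0)

def parse_header(pkt: bytes) -> Ospfv3Header:
    if len(pkt) < struct.calcsize(HDR_FMT):
        raise ValueError("truncated OSPFv3 header")
    ver, typ, length, rid, aid, csum, inst, _reserved = struct.unpack(
        HDR_FMT, pkt[:16])
    if ver != 3:
        raise ValueError("not an OSPFv3 packet")
    return Ospfv3Header(ver, typ, length, rid, aid, csum, inst)

def address_family(instance_id: int) -> str:
    for lo, hi, name in AF_RANGES:
        if lo <= instance_id <= hi:
            return name
    return "unassigned"

def traffic_selector(src: str, dst: str) -> tuple:
    """Fields an IPsec policy lookup can match for OSPF: the addresses and the
    next-layer protocol. OSPF has no ports, and nothing inside the OSPFv3
    header (Instance ID is byte 14) is visible to the selector."""
    return (src, dst, OSPF_PROTO)

def compare_instances(id_a: int, id_b: int, src="fe80::1", dst="ff02::5"):
    """Return (AF of a, AF of b, True if both packets select the same SA)."""
    a, b = parse_header(build_header(id_a)), parse_header(build_header(id_b))
    same_sa = traffic_selector(src, dst) == traffic_selector(src, dst)
    return address_family(a.instance_id), address_family(b.instance_id), same_sa
```
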