[secdir] secdir review of draft-ietf-ccamp-gmpls-g709-framework-14
Stephen Hanna <shanna@juniper.net> Tue, 03 September 2013 01:46 UTC
Return-Path: <shanna@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA58521F9F88; Mon, 2 Sep 2013 18:46:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlz7jljed-lY; Mon, 2 Sep 2013 18:45:44 -0700 (PDT)
Received: from db9outboundpool.messaging.microsoft.com (mail-db9lp0249.outbound.messaging.microsoft.com [213.199.154.249]) by ietfa.amsl.com (Postfix) with ESMTP id 2A5AA21F9F77; Mon, 2 Sep 2013 18:45:41 -0700 (PDT)
Received: from mail87-db9-R.bigfish.com (10.174.16.238) by DB9EHSOBE017.bigfish.com (10.174.14.80) with Microsoft SMTP Server id 14.1.225.22; Tue, 3 Sep 2013 01:45:41 +0000
Received: from mail87-db9 (localhost [127.0.0.1]) by mail87-db9-R.bigfish.com (Postfix) with ESMTP id EA7981E00A8; Tue, 3 Sep 2013 01:45:40 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.240.101; KIP:(null); UIP:(null); IPV:NLI; H:BL2PRD0510HT002.namprd05.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: 1
X-BigFish: VPS1(zz4015Izz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzzz2fh2a8h839h944hd24hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1d07h1d0ch1d2eh1d3fh1dc1h1de9h1dfeh1dffh1e1dh1fe8h1ff5h9a9j1155h)
Received-SPF: pass (mail87-db9: domain of juniper.net designates 157.56.240.101 as permitted sender) client-ip=157.56.240.101; envelope-from=shanna@juniper.net; helo=BL2PRD0510HT002.namprd05.prod.outlook.com ; .outlook.com ;
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(199002)(189002)(164054003)(83322001)(74366001)(81686001)(76576001)(49866001)(63696002)(81342001)(47736001)(4396001)(50986001)(47976001)(33646001)(76176001)(81542001)(46102001)(76796001)(76786001)(51856001)(74316001)(76482001)(54316002)(69226001)(56776001)(81816001)(74876001)(66066001)(80976001)(56816003)(77096001)(80022001)(53806001)(65816001)(54356001)(79102001)(74706001)(59766001)(77982001)(31966008)(83072001)(74502001)(47446002)(74662001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BLUPR05MB054; H:BLUPR05MB053.namprd05.prod.outlook.com; CLIP:66.129.232.2; RD:InfoNoRecords; A:1; MX:1; LANG:en;
Received: from mail87-db9 (localhost.localdomain [127.0.0.1]) by mail87-db9 (MessageSwitch) id 137817273833245_26119; Tue, 3 Sep 2013 01:45:38 +0000 (UTC)
Received: from DB9EHSMHS006.bigfish.com (unknown [10.174.16.247]) by mail87-db9.bigfish.com (Postfix) with ESMTP id EDA15100041; Tue, 3 Sep 2013 01:45:37 +0000 (UTC)
Received: from BL2PRD0510HT002.namprd05.prod.outlook.com (157.56.240.101) by DB9EHSMHS006.bigfish.com (10.174.14.16) with Microsoft SMTP Server (TLS) id 14.16.227.3; Tue, 3 Sep 2013 01:45:37 +0000
Received: from BLUPR05MB054.namprd05.prod.outlook.com (10.255.210.149) by BL2PRD0510HT002.namprd05.prod.outlook.com (10.255.100.37) with Microsoft SMTP Server (TLS) id 14.16.353.4; Tue, 3 Sep 2013 01:45:36 +0000
Received: from BLUPR05MB053.namprd05.prod.outlook.com (10.255.210.139) by BLUPR05MB054.namprd05.prod.outlook.com (10.255.210.149) with Microsoft SMTP Server (TLS) id 15.0.745.25; Tue, 3 Sep 2013 01:45:35 +0000
Received: from BLUPR05MB053.namprd05.prod.outlook.com ([169.254.3.120]) by BLUPR05MB053.namprd05.prod.outlook.com ([169.254.3.120]) with mapi id 15.00.0745.000; Tue, 3 Sep 2013 01:45:35 +0000
From: Stephen Hanna <shanna@juniper.net>
To: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-ccamp-gmpls-g709-framework.all@tools.ietf.org" <draft-ietf-ccamp-gmpls-g709-framework.all@tools.ietf.org>
Thread-Topic: secdir review of draft-ietf-ccamp-gmpls-g709-framework-14
Thread-Index: Ac6oR0docu720d3jTjWZQdbk5uqGwg==
Date: Tue, 03 Sep 2013 01:45:34 +0000
Message-ID: <72b0e920a53e4bb287960dd5df5f6f22@BLUPR05MB053.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.232.2]
x-forefront-prvs: 09583628E0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Subject: [secdir] secdir review of draft-ietf-ccamp-gmpls-g709-framework-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2013 01:46:02 -0000
I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document provides a framework to allow the development of protocol extensions to support Generalized Multi-Protocol Label Switching (GMPLS) and Path Computation Element (PCE) control of Optical Transport Networks (OTN) as specified in ITU-T Recommendation G.709. It's part of a group of four documents pertaining to G.709 that are all proceeding through the IESG. Because I know little about GMPLS, PCE, OTN, or G.709, I found this document to be a bit hard to understand. Probably if I read all the references, I might understand it better. I'm afraid that I don't have time for that. I did review the Security Considerations section and found it to be easy to understand. This section states that the threats posed by an enhanced OTN control plane are no greater than the threats posed by the existing, simpler OTN control plane. That seems reasonable. In addition, the Security Considerations section points to RFC 5920, which contains a thorough analysis of the threats that may be mounted against MPLS/GMPLS networks and the countermeasures that may be employed against these threats. The threats and countermeasures described in RFC 5920 seem to be broad enough to encompass any additional issues raised by this document. My conclusion is that, within my limited scope of understanding of this document, the Security Considerations section is adequate and there are no troubling issues from a security perspective. Thanks, Steve
- [secdir] secdir review of draft-ietf-ccamp-gmpls-… Stephen Hanna