[secdir] secdir review of draft-ietf-pwe3-p2mp-pw-requirements-09

Tobias Gondrom <tobias.gondrom@gondrom.org> Sun, 25 May 2014 19:02 UTC

Message-ID: <53823E4A.6080106@gondrom.org>
Date: Sun, 25 May 2014 20:02:34 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
To: draft-ietf-pwe3-p2mp-pw-requirements.all@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/N4vPOie1E5TZ1oV5ssSulxgsCBw
Cc: iesg@ietf.org, secdir@ietf.org
Subject: [secdir] secdir review of draft-ietf-pwe3-p2mp-pw-requirements-09

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The draft is informational and about requirements and a framework for
Point-to-Multipoint Pseudowire (PW) over MPLS Packet Switched Networks.

The document appears ready for publication.

A couple of comments:
1. Even though this document is only about requirements, it uses in a
couple of places 2119 language.
In principle that could even be seen as improving "readability";
however, I am not sure whether that is appropriate usage for a
requirements document, as 2119 is intended to signal conformance with a
specification (which this ID is not).

2. The security considerations section is basically empty, only referring
to RFC3916 and P2P PW. Considering that this is only a requirements
document, this can be sufficient.
(Note: it could have been nice to think about whether or how a move from
P2P to P2MP PW might change or require additional security requirements
for the specification. However, as this is only the requirements
document and not the specification, this question can also be answered
in the following spec.)

3. Nits:
section 5 security considerations:
should have a reference for "initial P2P PW definition"

Thank you and best regards.

Tobias