[secdir] Secdir review of draft-ietf-ippm-owamp-registry-03

Alan DeKok <aland@deployingradius.com> Wed, 16 September 2015 18:02 UTC

From: Alan DeKok <aland@deployingradius.com>
Date: Wed, 16 Sep 2015 14:02:33 -0400
To: secdir@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Orw-KeyGxX1zNltqY03UVGYEkIM>
Cc: draft-ietf-ippm-owamp-registry@tools.ietf.org
Subject: [secdir] Secdir review of draft-ietf-ippm-owamp-registry-03

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

  This document requests IANA allocation of registries for OWAMP. As such, it has minimal security impact.

  One practical note is the request to assign an "Experimentation" OWAMP-Control Command Number.  Experience shows that such numbers are either never used, or used as experiments... which then get widely deployed before standards action catches up to practical needs.

  It may be good to add some discussion as to *how* experiments are done, and how experiments can transition from the "Experimentation" number to a standard number.

  One suggestion would be to change the label from "Experimentation" to "Site-Local".  That would still allow sites to experiment with OWAMP-Control commands, but would make it clearer that such experimentation is only for the local site, and MUST NOT be used in a wider context.