[secdir] SECDIR review of draft-ietf-soc-load-control-event-package-11.txt

Donald Eastlake <d3e3e3@gmail.com> Mon, 02 December 2013 22:32 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, 02 Dec 2013 17:31:39 -0500
Message-ID: <CAF4+nEFOwAk4Ei9vd3GgsywmpSdzKfUD5EyOXwYmUMzMRkrSxw@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-soc-load-control-event-package.all@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [secdir] SECDIR review of draft-ietf-soc-load-control-event-package-11.txt

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft provides SIP capabilities (a load control event package)
for filtering calls with the intent of better handling overload
conditions. As you might expect for an extension to an existing
protocol, there are many references to existing SIP RFCs.

The Security Considerations Section appears to be adequate. It
references RFCs 6665 and other sections of the draft and seems to
summarize relevant threats.

Minor points:

The introduction (Section 1) gives examples of anticipatable and
unanticipatable causes of overload. I find it curious that denial of
service attacks are not listed as a possible cause of unanticipated
overload.

In Section 10, in answer to REQ 17, there is a reference to Section 10
that, I believe, should be to Section 11.

Editorial:

Section 4 begins with what is said to be a list of requirements. And I
think almost all of them are. But the first item is just not worded as
a requirement. It says "... we focus ...". To be a requirement on the
solution it should talk about the solution, not the authors. I think
it should be more like "For simplicity, the solution should focus on a
method of controlling SIP load, rather than a generic application
layer mechanism."

Misc:

The document contains lots of XML that I did not run through any
formal syntax check.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com