[secdir] Re: Secdir last call review of draft-ietf-pim-source-discovery-bsr-07

"Xialiang (Frank)" <frank.xialiang@huawei.com> Wed, 17 January 2018 07:56 UTC

From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: Stig Venaas <stig@venaas.com>
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-pim-source-discovery-bsr.all@ietf.org" <draft-ietf-pim-source-discovery-bsr.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "pim@ietf.org" <pim@ietf.org>, The IESG <iesg@ietf.org>
Date: Wed, 17 Jan 2018 07:55:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Z7TKYZsNQpn6sfeHOFE-usXW1VA>

Hi Stig,
Your feedback looks fine to me.

Thanks!

B.R.
Frank

-----Original Message-----
From: Stig Venaas [mailto:stig@venaas.com]
Sent: January 17, 2018 1:51
To: Xialiang (Frank)
Cc: secdir@ietf.org; draft-ietf-pim-source-discovery-bsr.all@ietf.org; ietf@ietf.org; pim@ietf.org; The IESG
Subject: Re: Secdir last call review of draft-ietf-pim-source-discovery-bsr-07

Thanks for great feedback!

I've tried to address all of your comments. I'm planning to add this paragraph to the security considerations.

PIM-SM link-local messages can be authenticated using IPsec, see [RFC7761] section 6.3 and [RFC5796]. Since PFM messages are link-local messages sent hop by hop, a link-local PFM message can be authenticated using IPsec such that a router can verify that a message was sent by a trusted neighbor and has not been modified. However, to verify that a received message contains correct information announced by the originator specified in the message, one will have to trust every router on the path from the originator and that each router has authenticated the received message.

Let me know if you have any comments on that paragraph.
Thanks,
Stig

On Sun, Jan 7, 2018 at 10:22 PM, Liang Xia <frank.xialiang@huawei.com> wrote:
> Reviewer: Liang Xia
> Review result: Has Issues
>
> Nits:
> 1. In Abstract, the abbreviation is missing when the terms first
> appear, such as: Sparse-Mode, Rendezvous Point;
> 2. Every word in the section titles should be in the capital form
>
> Issues:
> 1. In Security Considerations section, should one sentence be "even
> if the sources are actually not active"?
> 2. Generally, the peer authentication (by certificate, shared key...)
> and the message integration protection are always helpful to defend
> against the forged routers and PEM messages, even the resulted
> resource consumption. But in current Security Considerations section,
> there is nothing discussed about these countermeasures, even in the
> general way. Suggest to consider this point personally.
>