[secdir] Secdir review of draft-ietf-l3vpn-2547bis-mcast-bgp-07

Stefan Santesson <stefan@aaa-sec.com> Fri, 18 September 2009 05:33 UTC

To: iesg@ietf.org, secdir@ietf.org, rahul@juniper.net, erosen@cisco.com, thomas.morin@francetelecom.com, yakov@juniper.net, Danny McPherson <danny@arbor.net>, Marshall Eubanks <tme@multicasttech.com>, Ross Callon <rcallon@juniper.net>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the BGP encodings and procedures for exchanging the
information elements required by Multicast in MPLS/BGP IP VPNs, as specified
in draft-ietf-l3vpn-2547bis-mcast.

I would like to draw the Security AD's attention to consider whether the
security considerations section of this draft contains adequate information.

The security considerations section of this draft lists a number of security
requirements, but very few considerations. That is, the section lists
requirements but says very little, if anything at all, about the security
threats that are addressed by these requirements or whether handling of
these security threats falls inside or outside the scope of this document.

It is hard to review these security requirements in the absence of a discussion
of the threats they are supposed to address.

/Stefan