[secdir] Secdir review of draft-ietf-l3vpn-2547bis-mcast-bgp-07

Stefan Santesson <stefan@aaa-sec.com> Fri, 18 September 2009 05:33 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 958203A68B3 for <secdir@core3.amsl.com>; Thu, 17 Sep 2009 22:33:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[AWL=0.152, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id d64vNszKUdjt for <secdir@core3.amsl.com>; Thu, 17 Sep 2009 22:33:08 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se []) by core3.amsl.com (Postfix) with ESMTP id 05ADC3A6801 for <secdir@ietf.org>; Thu, 17 Sep 2009 22:33:06 -0700 (PDT)
Received: from s128.loopia.se (s34.loopia.se []) by s87.loopia.se (Postfix) with ESMTP id DB6F128BEA3 for <secdir@ietf.org>; Fri, 18 Sep 2009 07:25:09 +0200 (CEST)
Received: (qmail 48341 invoked from network); 18 Sep 2009 05:25:09 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO []) (stefan@fiddler.nu@[]) (envelope-sender <stefan@aaa-sec.com>) by s128.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <iesg@ietf.org>; 18 Sep 2009 05:25:09 -0000
User-Agent: Microsoft-Entourage/
Date: Fri, 18 Sep 2009 07:25:08 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: iesg@ietf.org, secdir@ietf.org, rahul@juniper.net, erosen@cisco.com, thomas.morin@francetelecom.com, yakov@juniper.net, Danny McPherson <danny@arbor.net>, Marshall Eubanks <tme@multicasttech.com>, Ross Callon <rcallon@juniper.net>
Message-ID: <C6D8E654.4A77%stefan@aaa-sec.com>
Thread-Topic: Secdir review of draft-ietf-l3vpn-2547bis-mcast-bgp-07
Thread-Index: Aco4IGK6TR35B5v9cUiRZN9bnck0HA==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Subject: [secdir] Secdir review of draft-ietf-l3vpn-2547bis-mcast-bgp-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2009 05:33:08 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the BGP encodings and procedures for exchanging the
information elements required by Multicast in MPLS/BGP IP VPNs, as specified
in draft-ietf-l3vpn-2547bis-mcast.

I would like to draw the Security AD's attention to consider whether the
security considerations section of this draft contains adequate information.

The security considerations section of this draft list a number of security
requirements, but very few considerations. That is, the section list
requirements but says very little, if anything at all, about the security
threats that are addressed by these requirements or whether handling of
these security threats falls inside or outside the scope of this document.

It is hard to review these security requirements in absence of a discussion
of the threats they are supposed to address.