[secdir] secdir review of draft-ietf-pcn-encoding-comparison-08

Stephen Hanna <shanna@juniper.net> Sat, 25 February 2012 06:56 UTC

From: Stephen Hanna <shanna@juniper.net>
To: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-pcn-encoding-comparison.all@ietf.org" <draft-ietf-pcn-encoding-comparison.all@ietf.org>
Date: Sat, 25 Feb 2012 01:50:37 -0500
Cc: "iesg@ietf.org" <iesg@ietf.org>
Subject: [secdir] secdir review of draft-ietf-pcn-encoding-comparison-08

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document describes a variety of approaches for encoding
pre-congestion information into the IP header. The document
claims that all relevant security considerations are covered
in RFC 5559 and so far as I can tell this is correct since
these approaches all fit within the architecture defined by
RFC 5559 and the security considerations for that document
appear to be adequate. In any case, this document does not
include any normative text. Whichever approach or approaches
are eventually selected for standardization will presumably
need to come back to IESG for approval. A more detailed
security analysis of the approaches can be done at that time.
From a security perspective, I see no obstacle to approval
of this document at this time.

I will say that the document is rather difficult to
understand if you're not well versed in PCN technology.
I believe that I have understood enough to evaluate
the security aspects of the document but I would not
claim that I understood the document at a deep level.
This may be fine but it will certainly reduce the number
of useful reviews that the document will get.

Thanks,

Steve