[secdir] Security directorate review of draft-ietf-ccamp-oam-configuration-fwk

Magnus Nyström <magnusn@gmail.com> Sun, 05 January 2014 01:31 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id D7AF71AE09D; Sat, 4 Jan 2014 17:31:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id hiHfKA6ge92p; Sat, 4 Jan 2014 17:31:50 -0800 (PST)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 037E21AD73E; Sat, 4 Jan 2014 17:31:49 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id hi5so1669258wib.14 for <multiple recipients>; Sat, 04 Jan 2014 17:31:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=MaDJqZg8G/oUtSUU8W01AbC6qVCUxn1jEQCautH6DGE=; b=IiSeTsW6N5Gtg0LwKTu/Girzu0aM17ux4nedWXhQi5nnxOq9DJxau4wh7labKBPE8G FXJJl0j2hOJAgWkTHOQ/OeNpuXlxP97yClsIyMy0ejbrg1PFrzy7fjKmFxuMT7Wa/G1W GabEDvXKgO8EN5T8i0kLF/BJBxENXF1COcVJjzHiSdQeFXO7LCqUYho5F0aug3UrvpTK SNikNndUvL2+ksUq/SA5H73gsvQc2ZKi0M4RO5+TVXVSApVaW+v+NwVZoGGKId2MgzNA 8rsY9Wp7LnQu82kk1JuB6BlM9Xz5f5QGjitVeJAbfA+Y0rr2La0R3t+8WCOlPn5BkXzo E3aQ==
MIME-Version: 1.0
X-Received: by with SMTP id k1mr7110898wie.34.1388885501595; Sat, 04 Jan 2014 17:31:41 -0800 (PST)
Received: by with HTTP; Sat, 4 Jan 2014 17:31:41 -0800 (PST)
Date: Sat, 4 Jan 2014 17:31:41 -0800
Message-ID: <CADajj4ag7_EbrcJbJ7z6Eg3U7ysgXkBTrOSeFviSa8MRQWaeBA@mail.gmail.com>
From: =?ISO-8859-1?Q?Magnus_Nystr=F6m?= <magnusn@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-ccamp-oam-configuration-fwk@tools.ietf.org
Content-Type: multipart/alternative; boundary=bcaec53d5ee1f4d53104ef2f1ae6
Cc: "iesg@ietf.org" <iesg@ietf.org>
Subject: [secdir] Security directorate review of draft-ietf-ccamp-oam-configuration-fwk
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jan 2014 01:31:52 -0000

 I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes extensions to RSVP-TE in support of the
establishment of Operation, Administration and Management entities in the
context of GMPLS .

The document seems well written. I would suggest removing the last sentence
of the Security Considerations section ("Cryptography can be used...")
since it does not really offer any hint as to how to use cryptography.
Instead, the previous sentence could be replaced with something like: "For
a more comprehensive discussion of GMPLS security, and attack mitigation
techniques, please see the Security Framework for MPLS and GMPLS Networks [
RFC5920 <http://tools.ietf.org/html/rfc5920>]."

-- Magnus