[secdir] Review of draft-ietf-ccamp-gmpls-mln-extensions-11
Shawn M Emery <Shawn.Emery@Sun.COM> Wed, 03 March 2010 06:59 UTC
Return-Path: <Shawn.Emery@Sun.COM>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B52F128C238; Tue, 2 Mar 2010 22:59:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NwuGERGoeCWG; Tue, 2 Mar 2010 22:59:38 -0800 (PST)
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by core3.amsl.com (Postfix) with ESMTP id C522228C101; Tue, 2 Mar 2010 22:59:37 -0800 (PST)
Received: from fe-amer-09.sun.com ([192.18.109.79]) by brmea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id o236xaWV004451; Wed, 3 Mar 2010 06:59:39 GMT
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"; format="flowed"
Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) id <0KYP00K001Y0RE00@mail-amer.sun.com>; Tue, 02 Mar 2010 23:59:36 -0700 (MST)
Received: from [10.0.0.5] ([unknown] [174.51.225.48]) by mail-amer.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) with ESMTPSA id <0KYP00AEW23C8M40@mail-amer.sun.com>; Tue, 02 Mar 2010 23:59:36 -0700 (MST)
Date: Tue, 02 Mar 2010 23:57:30 -0700
From: Shawn M Emery <Shawn.Emery@Sun.COM>
Sender: Shawn.Emery@Sun.COM
To: secdir@ietf.org
Message-id: <4B8E085A.2060500@sun.com>
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.1.5) Gecko/20100117 Lightning/1.0b1 Thunderbird/3.0
Cc: draft-ietf-ccamp-gmpls-mln-extensions.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] Review of draft-ietf-ccamp-gmpls-mln-extensions-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2010 06:59:38 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft describes protocol extensions for interfacing with Generalized Multi Protocol Label Switching (GMPLS) Multi-Layer/Multi-Region Networks. The security considerations section does exist and references draft-ietf-mpls-mpls-and-gmpls-security-framework for the various attacks and their possible solutions regarding MPLS/GMPLS. The section then discloses that a call controller should not be reachable from an external Traffic Engineering domain. Then discusses that in order to prevent MITM attacks that IKE MUST be used between edge nodes and terminating calls. After reading this draft and the security-framework draft it seems that they cover the threat models sufficiently. General comments: None. Editorial comments: Introduction: PSC and L2SC are expanded, therefore: s/TDM/Time-Division Multiplexing (TDM)/ - - Shawn.
- [secdir] Review of draft-ietf-ccamp-gmpls-mln-ext… Shawn M Emery
- Re: [secdir] Review of draft-ietf-ccamp-gmpls-mln… Adrian Farrel