Re: [secdir] secdir review of draft-ietf-pwe3-iccp-13

"Scott G. Kelly" <scott@hyperthought.com> Wed, 19 February 2014 00:19 UTC

Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AD851A00F6 for <secdir@ietfa.amsl.com>; Tue, 18 Feb 2014 16:19:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MVcRyWvb37CG for <secdir@ietfa.amsl.com>; Tue, 18 Feb 2014 16:19:56 -0800 (PST)
Received: from smtp122.iad3a.emailsrvr.com (smtp122.iad3a.emailsrvr.com [173.203.187.122]) by ietfa.amsl.com (Postfix) with ESMTP id E8C031A0166 for <secdir@ietf.org>; Tue, 18 Feb 2014 16:19:55 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp8.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id D5FD7248160; Tue, 18 Feb 2014 19:19:52 -0500 (EST)
X-Virus-Scanned: OK
Received: from app30.wa-webapps.iad3a (relay.iad3a.rsapps.net [172.27.255.110]) by smtp8.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 052892480C8; Tue, 18 Feb 2014 19:19:51 -0500 (EST)
Received: from hyperthought.com (localhost.localdomain [127.0.0.1]) by app30.wa-webapps.iad3a (Postfix) with ESMTP id D61B980042; Tue, 18 Feb 2014 19:19:51 -0500 (EST)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Tue, 18 Feb 2014 16:19:51 -0800 (PST)
Date: Tue, 18 Feb 2014 16:19:51 -0800 (PST)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: stbryant@cisco.com
MIME-Version: 1.0
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
In-Reply-To: <53039370.4070707@cisco.com>
References: <1392310413.011331048@apps.rackspace.com> <53039370.4070707@cisco.com>
Message-ID: <1392769191.875311529@apps.rackspace.com>
X-Mailer: webmail7.0
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/iJsW4xDAtRMPemeUo91vEdO-jM8
Cc: draft-ietf-pwe3-iccp.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-pwe3-iccp-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 00:19:57 -0000

Hi Stewart,

On Tuesday, February 18, 2014 9:08am, "Stewart Bryant" <stbryant@cisco.com> said:

<trimmed>
> Scott
> 
> Thank you for the review.
> 
> MPLS signalling is only used in well managed and highly monitored networks
> so an attempt by an attacker to join would be noticed. However to
> attempt the
> join the attacker would first need to breach the physical and packet
> filtering
> security measures.
> 
> This would not be deployed on or over the public Internet.
> 
> Stewart

If this is obvious to folks working in this domain, you may not need to say this in the document, but if you want it to be obvious to everyone, a statement to this effect in the security considerations might be helpful.

Thanks,

Scott