[secdir] Secdir review of draft-ietf-ccamp-flexible-grid-ospf-ext-07

Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 19 January 2017 23:24 UTC

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document describes extensions to the Open Shortest Path First (OSPF) Traffic-Engineering (TE) protocol to support GMPLS control of networks that include devices that use
the new flexible optical grid introduced by the International Telecommunication Union Telecommunications Standardization Sector (ITU-T). It defines GMPLS OSPF-TE extensions that
support advertising available frequency ranges for flex-grid links.

In the Security Considerations section, the authors point out that this document extends RFCs [RFC3630] and [RFC7580] to carry flex-grid specific information in OSPF Opaque LSAs.
Thus this document does not introduce any new security considerations beyond previous RFCs specifying these LSAs, and the security mechanisms described in [RFC2328] applying
to these mechanisms still apply.

I think this is a valid point, and well expressed.  However, when I looked through the document (using both manual and automatic search methods) I was surprised to find no explicit mention of
OSPF Opaque LSAs other than in the Security Considerations section.  It would be helpful to have a specific mention of them in the body of the document, and a brief discussion of how
they are used to implement the extensions.  This would give the reader a better understanding of how the Security Considerations section relates to the rest of the document.

Other than that, I think the document is ready.

Cathy Meadows



Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil