[secdir] secdir review of draft-ietf-ccamp-gmpls-ethernet-pbb-te-06.txt
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Sun, 03 October 2010 17:33 UTC
Date: Sun, 03 Oct 2010 19:33:41 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-ccamp-gmpls-ethernet-pbb-te.all@tools.ietf.org

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I have reviewed -05 and my editorial comments have been addressed in the -06 version. My other comments have apparently not been acted on nor did I receive any response from the authors. The comments were:

Security wise, this document essentially refers to other documents, namely RFC 4872 and RFC 4873. These documents again refer to other documents and ultimately to IPsec as a security solution. If this is correct, perhaps this could be made clearer so people like me do not have to recursively resolve security considerations to find out how things are protected.

The security considerations of this document also refer to 802.1AE Media Access Control Security for the protection of "transport" Ethernet. It is not clear what "transport" Ethernet is, perhaps it is the Ethernet traffic carried over the paths. If my interpretation is correct, I would argue that this pointer does not really belong into the security considerations of this document since this specification deals with a part of the signaling plane, not the data plane.

Section 5 states that "configuration should be consistent". What happens security wise if configuration is not consistent? This might deserve some discussion in the security considerations.

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>