Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14

"Dan Harkins" <dharkins@lounge.org> Tue, 28 October 2014 16:26 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAAFC1A1B6D; Tue, 28 Oct 2014 09:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RUdnBAMpeesC; Tue, 28 Oct 2014 09:26:24 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id DF1291A8F4F; Tue, 28 Oct 2014 09:24:50 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 846371022404C; Tue, 28 Oct 2014 09:24:50 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Tue, 28 Oct 2014 09:24:50 -0700 (PDT)
Message-ID: <946399d78e1b4a6e8d2a1b6df04dd66c.squirrel@www.trepanning.net>
In-Reply-To: <7AEB3D6833318045B4AE71C2C87E8E1729C41344@dfweml706-chm>
References: <28335d401a6c792d0259a03c5767c1dc.squirrel@www.trepanning.net> <7AEB3D6833318045B4AE71C2C87E8E1729C41344@dfweml706-chm>
Date: Tue, 28 Oct 2014 09:24:50 -0700 (PDT)
From: "Dan Harkins" <dharkins@lounge.org>
To: "Leeyoung" <leeyoung@huawei.com>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/o5NRHZARyeQqjSqsoJTvJ8poges
Cc: "draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org" <draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 16:26:27 -0000

  Hi Young,

On Tue, October 28, 2014 8:50 am, Leeyoung wrote:
> Hi Dan,
>
> Thanks a lot for your review and providing comments.
>
> Would the following work for you in Security Section to add:
>
> "Solutions that address the requirements in this document need to verify
> that existing PCEP security mechanisms adequately protect the additional
> network capabilities and must include new mechanisms as necessary."

  Yes, that's fine. Adrian had a good point (it's a requirements document)
and this puts the requirements where they should be-- on the solution
that addresses the requirements.

  thanks,

  Dan.

> Best regards,
> Young
>
> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@lounge.org]
> Sent: Monday, October 27, 2014 12:04 PM
> To: iesg@ietf.org; secdir@ietf.org;
> draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org
> Subject: secdir review of draft-ietf-pce-wson-routing-wavelength-14
>
>
>   Hello,
>
>   I have reviewed draft-ietf-pce-wson-routing-wavelength as part of the
> security directorate's ongoing effort to review all IETF documents being
> processed by the IESG.  These comments were written primarily for the
> benefit of the security area directors. Document editors and WG chairs
> should treat  these comments just like any other last call comments.
>
>   This is a requirements document for additions to the PCEP protocol to
> support path computation in a wavelength-switched optical network. It
> describes what needs to be added to requests/responses to support
> routing and wavelength assignment to a path computation element (that
> supports both functions) for a path computation client.
>
>   The security considerations are basically a punt. There's information
> that an operator may not want to disclose and "[c]onsideration should be
> given to securing this information." That seems a little thin. At the
> very least some explanation of how this should be done. Do only the TLVs
> that represent these required additions require confidentiality?
> Is KARP a potential solution to this problem? If so it might be nice to
> explain that; if not, then why and what else would be required?
>
>   It is a well-organized and well-written document. I would say it is
> "ready with nits", my nits being the thinness of the Security
> Consideration section.
>
>   regards,
>
>   Dan.
>
>
>