Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14

"Dan Harkins" <dharkins@lounge.org> Tue, 28 October 2014 16:26 UTC

Date: Tue, 28 Oct 2014 09:24:50 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Leeyoung <leeyoung@huawei.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/o5NRHZARyeQqjSqsoJTvJ8poges
Cc: "draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org" <draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

  Hi Young,

On Tue, October 28, 2014 8:50 am, Leeyoung wrote:
> Hi Dan,
>
> Thanks a lot for your review and providing comments.
>
> Would the following work for you in Security Section to add:
>
> "Solutions that address the requirements in this document need to verify
> that existing PCEP security mechanisms adequately protect the additional
> network capabilities and must include new mechanisms as necessary."

  Yes, that's fine. Adrian had a good point (it's a requirements document)
and this puts the requirements where they should be -- on the solution
that addresses the requirements.

  thanks,

  Dan.

> Best regards,
> Young
>
> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@lounge.org]
> Sent: Monday, October 27, 2014 12:04 PM
> To: iesg@ietf.org; secdir@ietf.org;
> draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org
> Subject: secdir review of draft-ietf-pce-wson-routing-wavelength-14
>
>
>   Hello,
>
>   I have reviewed draft-ietf-pce-wson-routing-wavelength as part of the
> security directorate's ongoing effort to review all IETF documents being
> processed by the IESG.  These comments were written primarily for the
> benefit of the security area directors. Document editors and WG chairs
> should treat these comments just like any other last call comments.
>
>   This is a requirements document for additions to the PCEP protocol to
> support path computation in a wavelength-switched optical network. It
> describes what needs to be added to requests/responses to support
> routing and wavelength assignment to a path computation element (that
> supports both functions) for a path computation client.
>
>   The security considerations are basically a punt. There's information
> that an operator may not want to disclose and "[c]onsideration should be
> given to securing this information." That seems a little thin. At the
> very least some explanation of how this should be done. Do only the TLVs
> that represent these required additions require confidentiality?
> Is KARP a potential solution to this problem? If so it might be nice to
> explain that; if not, then why and what else would be required?
>
>   It is a well-organized and well-written document. I would say it is
> "ready with nits", my nits being the thinness of the Security
> Consideration section.
>
>   regards,
>
>   Dan.