[secdir] Review of draft-ietf-l3vpn-mvpn-mldp-nlri-06

Shawn M Emery <shawn.emery@oracle.com> Tue, 28 October 2014 06:30 UTC

Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 32D2B1A023E for <secdir@ietfa.amsl.com>; Mon, 27 Oct 2014 23:30:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id YwsGRNYmN-Yp for <secdir@ietfa.amsl.com>; Mon, 27 Oct 2014 23:30:41 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E5C1A008A for <secdir@ietf.org>; Mon, 27 Oct 2014 23:30:41 -0700 (PDT)
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com []) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s9S6UcXR012007 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 28 Oct 2014 06:30:39 GMT
Received: from aserz7021.oracle.com (aserz7021.oracle.com []) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s9S5gO4P008342 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 28 Oct 2014 05:42:28 GMT
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com []) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s9S6UY3q015707; Tue, 28 Oct 2014 06:30:34 GMT
Received: from [] (/ by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 27 Oct 2014 23:30:34 -0700
Message-ID: <544F3820.6040505@oracle.com>
Date: Tue, 28 Oct 2014 00:30:56 -0600
From: Shawn M Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20141007 Thunderbird/17.0.11
MIME-Version: 1.0
To: secdir@ietf.org
References: <53E5864D.7040809@oracle.com>
In-Reply-To: <53E5864D.7040809@oracle.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Source-IP: ucsinet22.oracle.com []
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/qgNJQbgiXPbp9N_8If45jMjz-iA
Cc: draft-ietf-l3vpn-mvpn-mldp-nlri.all@tools.ietf.org
Subject: [secdir] Review of draft-ietf-l3vpn-mvpn-mldp-nlri-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 06:30:45 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This proposed standard draft describes a protocol extension that allows the use of
Multicast Extensions to Label Distribution Protocol (mLDAP) for MultiProtocol Label
Switching (MPLS) multicast traffic without the current set of restrictions for deployment.

The security considerations section does exist and discloses that the proposal only involves
a way of encoding an element in an existing protocol.  The section goes on to describe that
no new security concerns are applicable because of this and refers to the security considerations
of mLDP and Multicast VPN-BGP for the overall security implications.  I agree with this assessment
and with the claim that there are no new security concerns with the proposal.

General comments:


Editorial comments:

The "Requirements Language" section does not exist and the associated text looks to be in the
"Introduction" section.