[secdir] Review of draft-ietf-ccamp-gmpls-vcat-lcas-13.txt

Ondřej Surý <ondrej.sury@nic.cz> Thu, 02 June 2011 12:48 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-ietf-ccamp-gmpls-vcat-lcas.all@tools.ietf.org


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The document summarizes requirements and use of the Generalized
Multi-Protocol Label Switching (GMPLS) control plane in support of the
Virtual Concatenation and Link Capacity Adjustment Scheme.  In addition
to this it adds a specific use of the Notify message and admin status
object for GMPLS signaling.

The security consideration is very short, stating that the interceptor
may see information about different routes and that these members are
of the same VCAT group.

I do not see any new security consideration on top of existing RFC5920.

You should read this review with one fact in mind: the subject of the 
draft is far far away from my expertise, however it seems to be well 
written and ready for publication.

  Ondřej Surý
  vedoucí výzkumu/Head of R&D department
  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
  Americka 23, 120 00 Praha 2, Czech Republic
  mailto:ondrej.sury@nic.cz    http://nic.cz/
  tel:+420.222745110       fax:+420.222745112