[secdir] secdir review of draft-ietf-pwe3-fc-encap-14.txt
Stephen Hanna <shanna@juniper.net> Mon, 21 February 2011 15:05 UTC
Return-Path: <shanna@juniper.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CDF0F3A7121; Mon, 21 Feb 2011 07:05:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQ4oBNK80KhZ; Mon, 21 Feb 2011 07:05:44 -0800 (PST)
Received: from exprod7og111.obsmtp.com (exprod7og111.obsmtp.com [64.18.2.175]) by core3.amsl.com (Postfix) with ESMTP id 9534F3A7115; Mon, 21 Feb 2011 07:05:43 -0800 (PST)
Received: from source ([66.129.224.36]) (using TLSv1) by exprod7ob111.postini.com ([64.18.6.12]) with SMTP ID DSNKTWJ/bZxJfEf8oy7M5ru3F9qEgwZr52dF@postini.com; Mon, 21 Feb 2011 07:06:25 PST
Received: from p-emfe01-wf.jnpr.net (172.28.145.24) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 21 Feb 2011 07:03:52 -0800
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Mon, 21 Feb 2011 10:04:23 -0500
From: Stephen Hanna <shanna@juniper.net>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Mon, 21 Feb 2011 10:04:22 -0500
Thread-Topic: secdir review of draft-ietf-pwe3-fc-encap-14.txt
Thread-Index: AcvR2J79mnoqbMWXRHiAcNAfdrQddA==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AE970E6E1FE2@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "draft-ietf-pwe3-fc-encap@tools.ietf.org" <draft-ietf-pwe3-fc-encap@tools.ietf.org>
Subject: [secdir] secdir review of draft-ietf-pwe3-fc-encap-14.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 15:05:44 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes how Fibre Channel traffic can be carried over MPLS networks using a Fibre Channel pseudowire (FC PW). I am not an expert in Fibre Channel, MPLS, or pseudowires so I will not venture any judgment on the content of the draft. I will focus exclusively on the Security Considerations section. The Security Considerations section is rather brief, only five sentences long. While I support brevity, this section seems to omit key information. For example, the text says "FC PW shares susceptibility to a number of pseudowire-layer attacks and implementations SHOULD use whatever mechanisms for confidentiality, integrity, and authentication are developed for PWs in general. These methods are beyond the scope of this document." That's too brief. At least, the authors should add a reference to a document that describes the attacks to which this protocol is susceptible and the countermeasures that can be employed. If no such document exists, either it should be written or this document should describe the threats and countermeasures or this document should admit that the threats and countermeasures are not understood at this time. You can't just leave the analysis of threats and countermeasures to the reader. Thanks, Steve Hanna
- [secdir] secdir review of draft-ietf-pwe3-fc-enca… Stephen Hanna
- Re: [secdir] secdir review of draft-ietf-pwe3-fc-… david.black