[secdir] secdir review of draft-ietf-pwe3-fc-encap-14.txt

Stephen Hanna <shanna@juniper.net> Mon, 21 February 2011 15:05 UTC

Return-Path: <shanna@juniper.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id CDF0F3A7121; Mon, 21 Feb 2011 07:05:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id iQ4oBNK80KhZ; Mon, 21 Feb 2011 07:05:44 -0800 (PST)
Received: from exprod7og111.obsmtp.com (exprod7og111.obsmtp.com []) by core3.amsl.com (Postfix) with ESMTP id 9534F3A7115; Mon, 21 Feb 2011 07:05:43 -0800 (PST)
Received: from source ([]) (using TLSv1) by exprod7ob111.postini.com ([]) with SMTP ID DSNKTWJ/bZxJfEf8oy7M5ru3F9qEgwZr52dF@postini.com; Mon, 21 Feb 2011 07:06:25 PST
Received: from p-emfe01-wf.jnpr.net ( by P-EMHUB03-HQ.jnpr.net ( with Microsoft SMTP Server (TLS) id; Mon, 21 Feb 2011 07:03:52 -0800
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Mon, 21 Feb 2011 10:04:23 -0500
From: Stephen Hanna <shanna@juniper.net>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Mon, 21 Feb 2011 10:04:22 -0500
Thread-Topic: secdir review of draft-ietf-pwe3-fc-encap-14.txt
Thread-Index: AcvR2J79mnoqbMWXRHiAcNAfdrQddA==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AE970E6E1FE2@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "draft-ietf-pwe3-fc-encap@tools.ietf.org" <draft-ietf-pwe3-fc-encap@tools.ietf.org>
Subject: [secdir] secdir review of draft-ietf-pwe3-fc-encap-14.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2011 15:05:44 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

This document describes how Fibre Channel traffic can be carried
over MPLS networks using a Fibre Channel pseudowire (FC PW). I am
not an expert in Fibre Channel, MPLS, or pseudowires so I will not
venture any judgment on the content of the draft. I will focus
exclusively on the Security Considerations section.

The Security Considerations section is rather brief, only five
sentences long. While I support brevity, this section seems to
omit key information. For example, the text says "FC PW shares
susceptibility to a number of pseudowire-layer attacks and
implementations SHOULD use whatever mechanisms for confidentiality,
integrity, and authentication are developed for PWs in general.
These methods are beyond the scope of this document." That's too
brief. At least, the authors should add a reference to a document
that describes the attacks to which this protocol is susceptible
and the countermeasures that can be employed. If no such document
exists, either it should be written or this document should describe
the threats and countermeasures or this document should admit that
the threats and countermeasures are not understood at this time.
You can't just leave the analysis of threats and countermeasures
to the reader.


Steve Hanna