[secdir] Review of draft-ietf-pwe3-iccp-stp-04

Shawn M Emery <shawn.emery@oracle.com> Wed, 23 September 2015 08:11 UTC

Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF6691A9023 for <secdir@ietfa.amsl.com>; Wed, 23 Sep 2015 01:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CGVqbXmWqCUW for <secdir@ietfa.amsl.com>; Wed, 23 Sep 2015 01:11:18 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD6B81A9006 for <secdir@ietf.org>; Wed, 23 Sep 2015 01:11:18 -0700 (PDT)
Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id t8N8BHeD025507 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 23 Sep 2015 08:11:18 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id t8N8BH3c009119 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 23 Sep 2015 08:11:17 GMT
Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id t8N8BHSw005064; Wed, 23 Sep 2015 08:11:17 GMT
Received: from [10.159.120.65] (/10.159.120.65) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 23 Sep 2015 01:11:16 -0700
Message-ID: <56025EEB.5060602@oracle.com>
Date: Wed, 23 Sep 2015 02:12:27 -0600
From: Shawn M Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: secdir@ietf.org
References: <559A155B.6080505@oracle.com>
In-Reply-To: <559A155B.6080505@oracle.com>
X-Forwarded-Message-Id: <559A155B.6080505@oracle.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Source-IP: aserv0021.oracle.com [141.146.126.233]
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/ti_6rL5y8ETPnfg6P9F2IkU3GCY>
Cc: draft-ietf-pwe3-iccp-stp.all@tools.ietf.org
Subject: [secdir] Review of draft-ietf-pwe3-iccp-stp-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 08:11:20 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a Spanning Tree Protocol (STP) application for the
Inter-Chassis Communication Protocol (ICCP).

The security considerations section does exist and refers to the base ICCP
specification, RFC 7275, for applicability.  7275 lists the security
constraints and limitations sufficiently when considering the reviewed draft.
The section goes on to describe potential DoS attacks as described in 7275
and provides a single example to mitigate such an attack.  Even though this
coverage is fairly sparse, 7275 outlines a more comprehensive list of thwarting
potential threats.
  
General comments:

None.

Editorial comments:

PE, PW, AC, CE, and LDP are never expanded.

s/need be active/need to be active/

s/such system/such systems/

s/that support ICCP/that supports ICCP/

s/on CE or PE/on the CE or PE/

s/attack on channel/attack on a channel/

s/careful attack on channel/a careful attack on a channel/

Shawn.
--