[secdir] secdir review of draft-ietf-opsec-protect-control-plane-04
"Glen Zorn" <gwz@net-zen.net> Tue, 14 December 2010 06:38 UTC
From: Glen Zorn <gwz@net-zen.net>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-opsec-protect-control-plane@tools.ietf.org, opsec-chairs@tools.ietf.org
Date: Tue, 14 Dec 2010 13:39:31 +0700
Organization: Network Zen

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Section 3.1 says:

   o  Permit RADIUS authentication and accounting replies from RADIUS
      servers 198.51.100.9, 198.51.100.10, 2001:DB8:100::9, and
      2001:DB8:100::10 that are listening on UDP ports 1645 and 1646.
      Note that this doesn't account for a server using Internet
      Assigned Numbers Authority (IANA) ports 1812 and 1813 for RADIUS.

So, in other words, RADIUS traffic on the ports (officially assigned for more than ten years now) will be blocked. This seems like a very poor example.
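
Added example (not part of the original message or of the draft): a small Python model of the filter quoted above, showing which RADIUS replies are dropped when only source ports 1645 and 1646 are permitted, next to a variant that also permits 1812 and 1813. The rule representation, the function names and the default-deny behaviour are assumptions made for illustration.

```python
import ipaddress

# Server addresses and ports are the ones quoted from Section 3.1 of the draft.
RADIUS_SERVERS = ["198.51.100.9", "198.51.100.10",
                  "2001:DB8:100::9", "2001:DB8:100::10"]
LEGACY_PORTS = {1645, 1646}   # ports used in the draft's example
IANA_PORTS = {1812, 1813}     # IANA-assigned RADIUS ports named in the note


def build_filter(source_ports):
    """Permit rules (hypothetical format): UDP replies from each server on the given source ports."""
    return [
        {"proto": "udp", "src": ipaddress.ip_address(s), "sports": set(source_ports)}
        for s in RADIUS_SERVERS
    ]


def evaluate(rules, proto, src, sport):
    """First-match evaluation; anything unmatched is dropped (assumed default deny)."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if rule["proto"] == proto and rule["src"] == addr and sport in rule["sports"]:
            return "permit"
    return "drop"


def blocked_radius_ports(rules):
    """Return (server, port) pairs of RADIUS replies that the filter would drop."""
    return [
        (server, port)
        for server in RADIUS_SERVERS
        for port in sorted(LEGACY_PORTS | IANA_PORTS)
        if evaluate(rules, "udp", server, port) == "drop"
    ]


as_written = build_filter(LEGACY_PORTS)             # the example as quoted
extended = build_filter(LEGACY_PORTS | IANA_PORTS)  # assumed variant covering both port pairs

if __name__ == "__main__":
    for server, port in blocked_radius_ports(as_written):
        print(f"dropped: RADIUS reply from {server}, source port {port}")
    print("dropped with extended filter:", blocked_radius_ports(extended))
```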