[secdir] secdir review of draft-ietf-pwe3-mpls-eth-oam-iwk-06

Stephen Hanna <shanna@juniper.net> Tue, 21 August 2012 01:54 UTC

Return-Path: <shanna@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id B981911E809A; Mon, 20 Aug 2012 18:54:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.688
X-Spam-Status: No, score=-105.688 tagged_above=-999 required=5 tests=[AWL=-0.892, BAYES_00=-2.599, LONGWORDS=1.803, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id CUnIPwh0n7-4; Mon, 20 Aug 2012 18:54:40 -0700 (PDT)
Received: from exprod7og101.obsmtp.com (exprod7og101.obsmtp.com []) by ietfa.amsl.com (Postfix) with ESMTP id 07FE211E80A2; Mon, 20 Aug 2012 18:54:33 -0700 (PDT)
Received: from P-EMHUB02-HQ.jnpr.net ([]) (using TLSv1) by exprod7ob101.postini.com ([]) with SMTP ID DSNKUDLqWUszum0DhLRRdi2pL8CUCnUVSEUw@postini.com; Mon, 20 Aug 2012 18:54:40 PDT
Received: from p-emfe01-wf.jnpr.net ( by P-EMHUB02-HQ.jnpr.net ( with Microsoft SMTP Server (TLS) id; Mon, 20 Aug 2012 18:54:16 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::8002:d3e7:4146:af5f]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Mon, 20 Aug 2012 21:54:15 -0400
From: Stephen Hanna <shanna@juniper.net>
To: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-pwe3-mpls-eth-oam-iwk.all@tools.ietf.org" <draft-ietf-pwe3-mpls-eth-oam-iwk.all@tools.ietf.org>
Date: Mon, 20 Aug 2012 21:54:14 -0400
Thread-Topic: secdir review of draft-ietf-pwe3-mpls-eth-oam-iwk-06
Thread-Index: Ac1/P93G5CAAbzJ/TqG6VlMDs0ODyQ==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB91380E630@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] secdir review of draft-ietf-pwe3-mpls-eth-oam-iwk-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2012 01:54:40 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes how underlying defects in individual circuits
or pseudowires should be mapped in order to provide emulated Ethernet
service. I know very little about this area but I have reviewed the
document and the primary references.

Apparently, pseudowires provide little security themselves although
supplemental security mechanisms may be used. In that context, this
document seems to add no new security concerns. If security measures
are not used, OAM messages can be fabricated, modified, or viewed in
transit but this is arguably no worse than the lack of protection
for all the other traffic flowing over pseudowires.

The Security Considerations section in this document mainly points to
the Security Considerations sections in several more fundamental
documents. Those sections clearly describe the threats inherent in
this design so I see no need for changes to this document.