Re: [Tsvwg] Review of draft-ietf-tsvwg-rsvp-security-groupkeying-04

"Carlberg, Kenneth G." <KENNETH.G.CARLBERG@saic.com> Tue, 02 June 2009 14:16 UTC

Date: Tue, 02 Jun 2009 10:15:24 -0400
Message-Id: <B111EEAA42CD0F4D85A5E486368D155A024D109B@0015-its-exmb11.us.saic.com>
In-Reply-To: <D24156B9-B8A6-4552-9642-B366DE07B7EB@cisco.com>
From: "Carlberg, Kenneth G." <KENNETH.G.CARLBERG@saic.com>
To: Francois Le Faucheur IMAP <flefauch@cisco.com>, Michael Behringer <mbehring@cisco.com>
Cc: tsvwg IETF list <tsvwg@ietf.org>
Subject: Re: [Tsvwg] Review of draft-ietf-tsvwg-rsvp-security-groupkeying-04

Francois & Michael,

Here is another review of the draft.  It's mostly comprised of nits and
requests for additional clarification.

-ken


1) page 4,  "Implicitly each node trusts each other node with which
   it has a trust relationship established via the mechanisms here to
   adhere to the protocol specifications laid out by the various
   standards."

The sentence is a bit long and confusing.  You need to break up the
sentence and clarify the content of the word "here".  Also,
s/other/other's
 

2) page 5, 3rd para.  s/R2 and will ignore/R2 will ignore

3) page 5, 5th para.
   "With neighbor based keys, an RSVP key is bound to an interface plus a
   neighbor on that interface.  It allows the distinction of different
   trust groups on a single subnet.  (Assuming that layer-2 security is
   correctly implemented to prevent layer-2 attacks.)"

Does the above text concerning neighbor based keys allow for different
trust groups per interface?  If so, this should be stated to the reader.

4) Page 6, 5th para.  s/domains however/domains. However

5) page 14, 2nd para.
   "In particular, such keying can be used for RSVP authentication (e.g.,
   using RSVP authentication or IPsec AH) and/ or for RSVP encryption
   (e.g., using IPsec ESP in tunnel mode)."

The sentence is a bit unclear with respect to using the term RSVP
authentication as an example of keying "used for RSVP authentication".
You'll either need to clarify the text, or just rely on IPsec AH as a
single example.

6) Page 15, last sentence of 4th para.
   "Therefore the impact of subverted nodes on the path is comparable,
   independently whether per-interface, per-neighbor or group keys are
   used."

The reader would probably ask, comparable to what?  It would be helpful
if you could complete the object of the sentence.