Security Requirements for the Unidirectional Lightweight Encapsulation (ULE) Protocol
draft-ietf-ipdvb-sec-req-09

Document history

Date Rev. By Action
2009-01-20
09 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2009-01-20
09 (System) IANA Action state changed to No IC from In Progress
2009-01-20
09 (System) IANA Action state changed to In Progress
2009-01-20
09 Amy Vezza IESG state changed to Approved-announcement sent
2009-01-20
09 Amy Vezza IESG has approved the document
2009-01-20
09 Amy Vezza Closed "Approve" ballot
2009-01-16
09 (System) Removed from agenda for telechat - 2009-01-15
2009-01-15
09 Cindy Morgan State Changes to Approved-announcement to be sent from Waiting for AD Go-Ahead by Cindy Morgan
2009-01-15
09 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2009-01-15
09 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2009-01-15
09 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2009-01-15
09 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2009-01-15
09 Jari Arkko
[Ballot comment]
Appendix A talks about modeling DVB link layer security with a
number of modules, including a security policy database (SPD)
that may resemble a similar functionality in IPsec.

I wanted to note that traditionally link layer security has been
operated using far simpler policy mechanisms than exist at the
IP layer. Typically, security is either applied or not applied;
some form of algorithm selection is of course needed for algorithm
agility. There are many good reasons for these simple policies, e.g.,
avoiding complexity, the endpoints stay the same (host -> AP),
the endpoints are known to support the mandatory link layer security
features, etc.

I would suggest that the same may apply for DVB as well.
2009-01-15
09 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2009-01-15
09 Pasi Eronen [Ballot Position Update] New position, No Objection, has been recorded by Pasi Eronen
2009-01-15
09 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2009-01-14
09 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2009-01-14
09 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2009-01-14
09 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2009-01-12
09 Russ Housley
[Ballot comment]
Please consider the comments made by Vijay Gurbani in the Gen-ART
  Review that he posted on 28-Nov-2008.

  In S4, requirements 2-5 have a normative strength of OPTIONAL.
  While I am not trying to second guess the decision reached
  by the WG in assigning this normative strength, I am just
  curious why the strength was not at least a SHOULD (or
  RECOMMENDED)?  These seem like good requirements to have,
  and keeping them OPTIONAL effectively implies that very
  few vendors, if any, will implement them.

  In Abstract: s/a range of services/a variety of services
    (reason: "range" is used in the line above as well.)
2009-01-12
09 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2009-01-12
09 Mark Townsley [Ballot Position Update] New position, Yes, has been recorded for Mark Townsley
2009-01-12
09 Mark Townsley Ballot has been issued by Mark Townsley
2009-01-12
09 Mark Townsley Created "Approve" ballot
2009-01-12
09 Mark Townsley Placed on agenda for telechat - 2009-01-15 by Mark Townsley
2008-11-28
09 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-11-24
09 Amanda Baber IANA Last Call comments:

As described in the IANA Considerations section, we understand
this document to have NO IANA Actions.
2008-11-14
09 Amy Vezza Last call sent
2008-11-14
09 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2008-11-13
09 Mark Townsley Last Call was requested by Mark Townsley
2008-11-13
09 Mark Townsley State Changes to Last Call Requested from Publication Requested by Mark Townsley
2008-11-13
09 (System) Ballot writeup text was added
2008-11-13
09 (System) Last call text was added
2008-11-13
09 (System) Ballot approval text was added
2008-09-02
09 Amy Vezza
As required by RFC-to-be draft-ietf-proto-wgchair-doc-shepherding,
this is the current template for the Document Shepherd Write-Up.
Changes are expected over time.  This version is dated February 1, 2007.


  (1.a)  Who is the Document Shepherd for this document?  Has the
          Document Shepherd personally reviewed this version of the
          document and, in particular, does he or she believe this
          version is ready for forwarding to the IESG for publication?

This is a publication request from the IPDVB WG. I have read this
document (draft-ietf-ipdvb-sec-req-09) and I think this
is ready for publication. The document shepherd is G Fairhurst
(gorry@erg.abdn.ac.uk) IPDVB WG Chair.

    (1.b)  Has the document had adequate review both from key WG members
          and from key non-WG members?  Does the Document Shepherd have
          any concerns about the depth or breadth of the reviews that
          have been performed?

Yes. A previous version of the document was reviewed in a WGLC prior to
IETF-71 (and received comments from DVB and the ETSI/BSM WG where it was
cross-posted). It was also submitted at this time for a SECDIR review,
which revealed a set of issues. These issues were addressed in
revisions 07 and 08 of the draft.

A new author, active within the group for some time, also made
substantial contributions to the 08 revision, which was submitted
to a WGLC that concluded on 1-Aug-08. During this LC, 3 reviewers plus
the chair submitted new comments, which have been addressed in rev -09.

    (1.c)  Does the Document Shepherd have concerns that the document
          needs more review from a particular or broader perspective,
          e.g., security, operational complexity, someone familiar with
          AAA, internationalization or XML?

No, it seems that all the previously raised concerns have been
adequately addressed in the latest revision of the document.

    (1.d)  Does the Document Shepherd have any specific concerns or
          issues with this document that the Responsible Area Director
          and/or the IESG should be aware of?  For example, perhaps he
          or she is uncomfortable with certain parts of the document, or
          has concerns whether there really is a need for it.  In any
          event, if the WG has discussed those issues and has indicated
          that it still wishes to advance the document, detail those
          concerns here.  Has an IPR disclosure related to this document
          been filed?  If so, please include a reference to the
          disclosure and summarize the WG discussion and conclusion on
          this issue.
No.

    (1.e)  How solid is the WG consensus behind this document?  Does it
          represent the strong concurrence of a few individuals, with
          others being silent, or does the WG as a whole understand and
          agree with it?

The working group supported this work.

    (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
          discontent?  If so, please summarise the areas of conflict in
          separate email messages to the Responsible Area Director.  (It
          should be in a separate email because this questionnaire is
          entered into the ID Tracker.)

No.

    (1.g)  Has the Document Shepherd personally verified that the
          document satisfies all ID nits?  (See
          http://www.ietf.org/ID-Checklist.html and
          http://tools.ietf.org/tools/idnits/).  Boilerplate checks are
          not enough; this check needs to be thorough.  Has the document
          met all formal review criteria it needs to, such as the MIB
          Doctor, media type and URI type reviews?

Yes.

    (1.h)  Has the document split its references into normative and
          informative?  Are there normative references to documents that
          are not ready for advancement or are otherwise in an unclear
          state?  If such normative references exist, what is the
          strategy for their completion?  Are there normative references
          that are downward references, as described in [RFC3967]?  If
          so, list these downward references to support the Area
          Director in the Last Call procedure for them [RFC3967].

The references have been verified.

    (1.i)  Has the Document Shepherd verified that the document IANA
          consideration section exists and is consistent with the body
          of the document?  If the document specifies protocol
          extensions, are reservations requested in appropriate IANA
          registries?  Are the IANA registries clearly identified?  If
          the document creates a new registry, does it define the
          proposed initial contents of the registry and an allocation
          procedure for future registrations?  Does it suggest a
          reasonable name for the new registry?  See [RFC2434].  If the
          document describes an Expert Review process has Shepherd
          conferred with the Responsible Area Director so that the IESG
          can appoint the needed Expert during the IESG Evaluation?

There are no IANA actions required for this document.

    (1.j)  Has the Document Shepherd verified that sections of the
          document that are written in a formal language, such as XML
          code, BNF rules, MIB definitions, etc., validate correctly in
          an automated checker?

Not appropriate.

    (1.k)  The IESG approval announcement includes a Document
          Announcement Write-Up.  Please provide such a Document
          Announcement Write-Up?  Recent examples can be found in the
          "Action" announcements for approved documents.  The approval
          announcement contains the following sections:

          Technical Summary
              Relevant content can frequently be found in the abstract
              and/or introduction of the document.  If not, this may be
              an indication that there are deficiencies in the abstract
              or introduction.

This document provides a threat analysis and derives the security
requirements when using the Transport Stream, TS, to support an Internet
network-layer using the Unidirectional Lightweight Encapsulation
(ULE) defined in RFC4326. The document also provides the
motivation for link-layer security for a ULE Stream. A ULE Stream
may be used to send IPv4 packets, IPv6 packets, and other
Protocol Data Units (PDUs) to an arbitrarily large number of
Receivers supporting unicast and/or multicast transmission.

          Working Group Summary
              Was there anything in WG process that is worth noting?  For
              example, was there controversy about particular points or
              were there decisions where the consensus was particularly
              rough?

This document builds on RFC 4326, and identifies a set of
security-related topics that impact IP operation over a range of
broadcast links supporting IP.

          Document Quality
              Are there existing implementations of the protocol?  Have a
              significant number of vendors indicated their plan to
              implement the specification?  Are there any reviewers that
              merit special mention as having done a thorough review,
              e.g., one that resulted in important changes or a
              conclusion that the document had no substantive issues?  If
              there was a MIB Doctor, Media Type or other expert review,
              what was its course (briefly)?  In the case of a Media Type
              review, on what date was the request posted?

The IPDVB WG has reached consensus that this document is ready for
publication as an informational RFC. This document does not define a
protocol or new mechanism.
2008-09-02
09 Amy Vezza Draft Added by Amy Vezza in state Publication Requested
2008-08-23
09 (System) New version available: draft-ietf-ipdvb-sec-req-09.txt
2008-07-14
08 (System) New version available: draft-ietf-ipdvb-sec-req-08.txt
2008-06-17
07 (System) New version available: draft-ietf-ipdvb-sec-req-07.txt
2008-04-04
06 (System) New version available: draft-ietf-ipdvb-sec-req-06.txt
2007-11-18
05 (System) New version available: draft-ietf-ipdvb-sec-req-05.txt
2007-11-14
09 Samuel Weiler Request for Early review by SECDIR Completed. Reviewer: Patrick Cain.
2007-10-16
09 Samuel Weiler Request for Early review by SECDIR is assigned to Patrick Cain
2007-10-16
09 Samuel Weiler Request for Early review by SECDIR is assigned to Patrick Cain
2007-10-11
04 (System) New version available: draft-ietf-ipdvb-sec-req-04.txt
2007-07-03
03 (System) New version available: draft-ietf-ipdvb-sec-req-03.txt
2007-05-09
02 (System) New version available: draft-ietf-ipdvb-sec-req-02.txt
2007-03-08
01 (System) New version available: draft-ietf-ipdvb-sec-req-01.txt
2006-12-08
00 (System) New version available: draft-ietf-ipdvb-sec-req-00.txt