Last Call Review of draft-ietf-alto-reqs-
review-ietf-alto-reqs-secdir-lc-hoffman-2012-01-23-00
Request | Review of | draft-ietf-alto-reqs |
---|---|---|
Requested revision | No specific revision (document currently at 16) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2012-01-12 | |
Requested | 2011-12-29 | |
Authors | Sebastian Kiesel , Stefano Previdi , Martin Stiemerling , Richard Woundy , Y. Richard Yang | |
I-D last updated | 2012-01-23 | |
Completed reviews |
Secdir Last Call review of -??
by Paul E. Hoffman
|
|
Assignment | Reviewer | Paul E. Hoffman |
State | Completed | |
Request | Last Call review on draft-ietf-alto-reqs by Security Area Directorate Assigned | |
Completed | 2012-01-23 |
review-ietf-alto-reqs-secdir-lc-hoffman-2012-01-23-00
Greetings again. This is a security review of draft-ietf-alto-reqs, "Application-Layer Traffic Optimization (ALTO) Requirements". An ALTO protocol would allow optimization of network resources when information is in multiple places; a client can ask a server where to get the information, and the server can give hopefully-intelligent answers based on what the server knows of the network load, server load, network topology, and so on. This document does quite a good job of covering the many security issues with such a protocol. It lays out many of the competing security considerations, particularly the privacy of each party and, being a requirements document, doesn't answer any of the hard questions that will need to come in the upcoming protocol document. --Paul Hoffman