Last Call Review of draft-ietf-ccamp-flexi-grid-fwk-05

Request Review of draft-ietf-ccamp-flexi-grid-fwk
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-08-04
Requested 2015-07-16
Authors Iftekhar Hussain, Xihua Fu, Fatai Zhang, Daniele Ceccarelli, Oscar de Dios, Ramon Casellas
Draft last updated 2015-08-06
Completed reviews Genart Last Call review of -05 by David Black (diff)
Genart Telechat review of -05 by David Black (diff)
Secdir Last Call review of -05 by Sam Hartman (diff)
Opsdir Last Call review of -05 by Tina Tsou (diff)
Assignment Reviewer Sam Hartman
State Completed
Review review-ietf-ccamp-flexi-grid-fwk-05-secdir-lc-hartman-2015-08-06
Reviewed rev. 05 (document currently at 07)
Review result Ready
Review completed: 2015-08-06


I've been assigned at the secdir reviewer for

This document appears ready for publication.

This document describes a framework and requirements for the GMPLS
control plane for flexible grid DWDM optical transport networks.
The basic change is that rather than having a fixed grid of frequencies,
the frequency and slot widthof each media channel are parameters of the
control plane.

I read through section 1, 2, good chunks of section3, 4 and 7.

The authors claim in section 7 that the security implications are the
same between a flexible grid network and a fixed grip netwerk.

This seems to generally be true.
I think that the flexible grid network introduces new ways that attacks
can result.  As an example, the control plane might be able to loosen
restrictions on a filter so that an attacker was able to see more than
they should.  (my physics is entirely inadequate to the task of figuring
out whether this is interesting or would for example just create a DOS)
It might be harder to express this particular misconfiguration/attack in
a fixed network.
However it seems that the general issue is as the authors claim present
in the fixed grid network.

Which is to say, that I don't think the security is identical, but I
agree with the authors that the security considerations seem
substantially similar.
I don't see value for changes in the text in this document.

I did not read the cited references and confirm that the described
security considerations in those documents are adequate.

Thanks for a well-written document.