
Last Call Review of draft-ietf-ccamp-flexi-grid-fwk-05
review-ietf-ccamp-flexi-grid-fwk-05-secdir-lc-hartman-2015-08-06-00

Request Review of draft-ietf-ccamp-flexi-grid-fwk
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-08-04
Requested 2015-07-16
Authors Iftekhar Hussain, Xihua Fu, Fatai Zhang, Daniele Ceccarelli, Oscar Gonzalez de Dios, Ramon Casellas
I-D last updated 2015-08-06
Completed reviews Genart Last Call review of -05 by David L. Black (diff)
Genart Telechat review of -05 by David L. Black (diff)
Secdir Last Call review of -05 by Sam Hartman (diff)
Opsdir Last Call review of -05 by Tina Tsou (Ting ZOU) (diff)
Assignment Reviewer Sam Hartman
State Completed
Request Last Call review on draft-ietf-ccamp-flexi-grid-fwk by Security Area Directorate Assigned
Reviewed revision 05 (document currently at 07)
Result Ready
Completed 2015-08-06
I've been assigned as the secdir reviewer for
draft-ietf-ccamp-flexi-grid-fwk-05.

This document appears ready for publication.

This document describes a framework and requirements for the GMPLS
control plane for flexible grid DWDM optical transport networks.
The basic change is that rather than having a fixed grid of frequencies,
the frequency and slot width of each media channel are parameters of the
control plane.


I read through section 1, 2, good chunks of section 3, 4 and 7.

The authors claim in section 7 that the security implications are the
same between a flexible grid network and a fixed grid network.

This seems to generally be true.
I think that the flexible grid network introduces new ways that attacks
can result.  As an example, the control plane might be able to loosen
restrictions on a filter so that an attacker was able to see more than
they should.  (my physics is entirely inadequate to the task of figuring
out whether this is interesting or would for example just create a DOS)
It might be harder to express this particular misconfiguration/attack in
a fixed network.
However it seems that the general issue is as the authors claim present
in the fixed grid network.

Which is to say, that I don't think the security is identical, but I
agree with the authors that the security considerations seem
substantially similar.
I don't see value for changes in the text in this document.

I did not read the cited references and confirm that the described
security considerations in those documents are adequate.

Thanks for a well-written document.