Last Call Review of draft-ietf-ccamp-gmpls-mln-extensions-
review-ietf-ccamp-gmpls-mln-extensions-secdir-lc-emery-2010-03-03-00

Request Review of draft-ietf-ccamp-gmpls-mln-extensions
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-03-02
Requested 2010-02-05
Authors Jean-Louis Le Roux, Deborah Brungard, Papadimitriou Dimitri, Kohei Shiomoto, Martin Vigoureux
Draft last updated 2010-03-03
Completed reviews Secdir Last Call review of -?? by Shawn Emery
Assignment Reviewer Shawn Emery
State Completed
Review review-ietf-ccamp-gmpls-mln-extensions-secdir-lc-emery-2010-03-03
Review completed: 2010-03-03

Review
review-ietf-ccamp-gmpls-mln-extensions-secdir-lc-emery-2010-03-03

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the 


IESG.  These comments were written primarily for the benefit of the 


security area directors. Document editors and WG chairs should treat 


these comments just like any other last call comments.






This draft describes protocol extensions for interfacing with 


Generalized Multi Protocol Label Switching (GMPLS) 


Multi-Layer/Multi-Region Networks.






The security considerations section does exist and references 


draft-ietf-mpls-mpls-and-gmpls-security-framework for the various 


attacks and their possible solutions regarding MPLS/GMPLS.  The section 


then discloses that a call controller should not be reachable from an 


external Traffic Engineering domain.  Then discusses that in order to 


prevent MITM attacks that IKE MUST be used between edge nodes and 


terminating calls.  After reading this draft and the security-framework 


draft it seems that they cover the threat models sufficiently.




General comments:

None.

Editorial comments:

Introduction:

PSC and L2SC are expanded, therefore:
s/TDM/Time-Division Multiplexing (TDM)/

- -
Shawn.