Last Call Review of draft-ietf-ccamp-mpls-tp-cp-framework-
review-ietf-ccamp-mpls-tp-cp-framework-secdir-lc-leiba-2011-02-07-00
| Request | Review of | draft-ietf-ccamp-mpls-tp-cp-framework |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-02-01 | |
| Requested | 2011-01-18 | |
| Authors | Eric Gray , Dr. Nabil N. Bitar , Luyuan Fang , Lou Berger , Loa Andersson | |
| I-D last updated | 2011-02-07 | |
| Completed reviews |
Secdir Last Call review of -??
by Barry Leiba
|
|
| Assignment | Reviewer | Barry Leiba |
| State | Completed | |
| Request | Last Call review on draft-ietf-ccamp-mpls-tp-cp-framework by Security Area Directorate Assigned | |
| Completed | 2011-02-07 |
review-ietf-ccamp-mpls-tp-cp-framework-secdir-lc-leiba-2011-02-07-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. In particular, I don't know a lot about MPLS, whatever "TP"s and "G"s and "PWE"s are attached to it. I've tried to read this from a security point of view only. The GenART review has given an excellent editorial look at the document, so I won't try to repeat that. I have only one concern, from the security viewpoint, and I'm not sure how much of a concern it is. Sections 2.1 to 2.3 list more than 130 requirements for the MPLS-TP control plane. Section 2.4, "Security Requirements", then says this: There are no specific MPLS-TP control plane security requirements. The existing framework for MPLS and GMPLS security is documented in [RFC5920] and that document applies equally to MPLS-TP. I have no way to tell whether, perhaps, some of those 130+ functional requirements ought to be generating some security requirements beyond what's in RFC 5920. For example, requirement 14, just to pick one: 14. The MPLS-TP control plane must support the logical separation of the control plane from the management and data plane [RFC5654, requirement 15]. Note that this implies that the addresses used in the control plane are independent from the addresses used in the management and data planes. Is it possible that requiring logical separation of the control plane from the management and data planes might also introduce a security requirement with respect to that separation? Perhaps the working group and the joint effort have already considered this for each requirement, and all is well. I can't tell: there are far too many requirements and variables here, and my knowledge of MPLS is far too slight. I just think it's important to bring up this point, and whenever I see discussion of out-of-band controls, I wonder about the security implications. The security considerations section (6) points out that this document is showing how other specifications provide the means to meet the requirements listed here, and that those specifications have (and possible future extension specifications will have) security considerations sections that properly cover the issues. I think that's correct; my concern is only about whether any security requirements might have been overlooked, which might necessitate an unanticipated adaptation in order to use, say, GMPLS to satisfy functional requirements here. Barry