Last Call Review of draft-ietf-cdni-requirements-12
review-ietf-cdni-requirements-12-secdir-lc-emery-2013-12-05-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational internet-draft describes the requirements to integrate
multiple Content Delivery Networks (CDNs) for Content Service Providers (CSPs)
so that end users have a single point of access for content.

The security considerations section does exist and refers to a separate section
for the discussion on security requirements.  This section gives requirements
priorities from high to low on the various types of attacks.  The high level
priorities are for authentication, confidentiality, integrity protection,
protection against replay, spoofing, and DoS attacks.  Since it is a requirements
specification there is purposefully no discussion on how to mitigate against such
attacks.

General comments:

None.

Editorial comments:

None.

Shawn.
--