Last Call Review of draft-ietf-dime-agent-overload-08
review-ietf-dime-agent-overload-08-secdir-lc-ladd-2017-01-19-00

Request Review of draft-ietf-dime-agent-overload
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-01-23
Requested 2017-01-09
Draft last updated 2017-01-19
Completed reviews Opsdir Last Call review of -08 by Will LIU
Secdir Last Call review of -08 by Watson Ladd
Secdir Last Call review of -09 by Ólafur Guðmundsson
Genart Telechat review of -10 by Fernando Gont
Assignment Reviewer Watson Ladd
State Completed
Review review-ietf-dime-agent-overload-08-secdir-lc-ladd-2017-01-19
Reviewed rev. 08 (document currently at 11)
Review result Has Nits
Review completed: 2017-01-19

Review

I have reviewed this as part of the SECDIR effort to review all
documents. I believe it is ready with nits.

I am concerned that this document doesn't adequately address the
consequences of malicious insertion of overload reports. While I am
not an expert on Diameter (and in particular what kinds of
authentication are used), merely noting that a malicious report can
have negative consequences is not enough. Mechanisms should be defined
to prevent this, such as authenticating all connections and ensuring
that reports only apply to the nodes that send them. The fact that
Diameter connections are authenticated may or may not be enough.

Sincerely,
Watson Ladd