Skip to main content

Last Call Review of draft-ietf-dime-agent-overload-08

Request Review of draft-ietf-dime-agent-overload
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-01-23
Requested 2017-01-09
Authors Steve Donovan
I-D last updated 2017-01-19
Completed reviews Opsdir Last Call review of -08 by Will (Shucheng) LIU (diff)
Secdir Last Call review of -08 by Watson Ladd (diff)
Secdir Last Call review of -09 by Ólafur Guðmundsson (diff)
Genart Telechat review of -10 by Fernando Gont (diff)
Assignment Reviewer Watson Ladd
State Completed
Request Last Call review on draft-ietf-dime-agent-overload by Security Area Directorate Assigned
Reviewed revision 08 (document currently at 11)
Result Has nits
Completed 2017-01-19
I have reviewed this as part of the SECDIR effort to review all
documents. I believe it is ready with nits.

I am concerned that this document doesn't adequately address the
consequences of malicious insertion of overload reports. While I am
not an expert on Diameter (and in particular what kinds of
authentication are used), merely noting that a malicious report can
have negative consequences is not enough. Mechanisms should be defined
to prevent this, such as authenticating all connections and ensuring
that reports only apply to the nodes that send them. The fact that
Diameter connections are authenticated may or may not be enough.

Watson Ladd