Last Call Review of draft-ietf-dime-e2e-sec-req-04
review-ietf-dime-e2e-sec-req-04-opsdir-lc-wu-2016-05-16-00

Request Review of draft-ietf-dime-e2e-sec-req
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2016-05-31
Requested 2016-04-28
Authors Hannes Tschofenig , Jouni Korhonen , Glen Zorn , Kervin Pillay
I-D last updated 2016-05-16
Completed reviews Genart Last Call review of -04 by Christer Holmberg
Secdir Last Call review of -04 by Radia Perlman
Opsdir Last Call review of -04 by Qin Wu
Assignment Reviewer Qin Wu
State Completed
Request Last Call review on draft-ietf-dime-e2e-sec-req by Ops Directorate Assigned
Reviewed revision 04 (document currently at 05)
Result Has nits
Completed 2016-05-16
I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written with the intent of improving the operational
aspects of the IETF drafts. Comments that are not addressed in last call may
be included in AD reviews during the IESG review. Document editors and WG
chairs should treat these comments just like any other last call comments.



This document discusses requirements for providing end-to-end security to
protect Attribute-Value Pairs between non-neighboring Diameter nodes, and I
think it is almost ready for publication.
But I have a few editorial comments as follows:

1. Section 3, 1st paragraph

An AAA broker usually refers to an intermediate node that supports AAA
functionality; I am not sure one network can be labeled as an AAA broker. Change
"AAA broker" to "AAA broker network"?

2. Section 3, 1st bullet on eavesdropping

The 1st bullet mentions "AAA broker network". It would be nice to give a definition
of AAA broker and AAA broker network in the terminology section.

3. Section 3, 2nd bullet on Injection and Manipulation

s/and inject/manipulate/to inject or manipulate

4. Section 4, the 2nd, 3rd and 4th scenarios

How do you prevent a man-in-the-middle attack by introducing a Diameter proxy? How
does the Diameter proxy establish a trust relationship with either the Diameter client or
the Diameter server? Are there security requirements for this?

5. Section 4, last paragraph

It looks like this paragraph discusses security considerations and should be moved
to Section 6.

6. Section 5, requirement 4

Is there any authorization approval before delegating security functionality to
another entity?

-Qin Wu