Last Call Review of draft-ietf-dime-group-signaling-13
review-ietf-dime-group-signaling-13-secdir-lc-meadows-2021-01-26-00
Request | Review of | draft-ietf-dime-group-signaling |
---|---|---|
Requested revision | No specific revision (document currently at 14) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2021-01-25 | |
Requested | 2021-01-11 | |
Authors | Mark Jones, Marco Liebsch, Lionel Morand | |
I-D last updated | 2021-01-26 | |
Completed reviews | Secdir Last Call review of -13 by Catherine Meadows | |
Assignment | Reviewer | Catherine Meadows |
State | Completed | |
Request | Last Call review on draft-ietf-dime-group-signaling by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/aq4UPJISw8-JYHJtrE1Ed-nDmsQ | |
Reviewed revision | 13 (document currently at 14) | |
Result | Ready | |
Completed | 2021-01-26 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft presents the commands a Diameter node could use to communicate with multiple sessions of the Diameter simultaneously.

The Security Considerations section mentions two issues. One is that the use of bulk commands increases the ease of implementing certain types of DoS attacks because a single command, e.g. to terminate a session, could affect multiple sessions instead of just one. The other is that current security mechanisms employed by Diameter do not enforce end-to-end security, and so make it difficult to trust information received from non-adjacent nodes. Work is ongoing on end-to-end security for Diameter, so it is premature to address end-to-end security in this document, which instead relies on available security mechanisms.

I think this is a reasonable summary of the security considerations. Since end-to-end security for Diameter is a work in progress, it would be premature to attempt to address it in this document.

I consider this document Ready.