Last Call Review of draft-ietf-dime-ovli-08

Request
  Review of: draft-ietf-dime-ovli
  Requested revision: No specific revision (document currently at 10)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2015-07-27
  Requested: 2015-07-16
  Authors: Jouni Korhonen, Steve Donovan, Ben Campbell, Lionel Morand
  I-D last updated: 2015-07-30
  Completed reviews:
    Genart Last Call review of -08 by Elwyn B. Davies
    Genart Telechat review of -09 by Elwyn B. Davies
    Secdir Last Call review of -08 by Paul E. Hoffman

Assignment
  Reviewer: Paul E. Hoffman
  State: Completed
  Request: Last Call review on draft-ietf-dime-ovli by Security Area Directorate (Assigned)
  Reviewed revision: 08 (document currently at 10)
  Result: Ready
  Completed: 2015-07-30

Greetings again. This document, "Diameter Overload Indication
Conveyance", is a way for a Diameter server in a cluster to tell other
servers in the cluster "don't send so many requests to me". It is pretty
complex and fiddly, but seems sensible. The security considerations are
numerous, but fairly well covered in the extensive Security
Considerations section.

Note that there is not much that can really be done here to address the
biggest concern of spoofing. As the document says:

   Diameter does not include features to provide end-to-end
   authentication, integrity protection, or confidentiality.  This may
   cause complications when sending overload reports between non-
   adjacent nodes.

(Nice use of "may" there...) So, there isn't much that can be demanded
of this document without some obvious controls. Still, the Security
Considerations section covers the likely attacks and problems.

--Paul Hoffman