Last Call Review of draft-ietf-dime-ovli-08
review-ietf-dime-ovli-08-secdir-lc-hoffman-2015-07-30-00

Request Review of draft-ietf-dime-ovli
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-07-27
Requested 2015-07-16
Authors Jouni Korhonen, Steve Donovan, Ben Campbell, Lionel Morand
I-D last updated 2015-07-30
Completed reviews Genart Last Call review of -08 by Elwyn B. Davies (diff)
Genart Telechat review of -09 by Elwyn B. Davies (diff)
Secdir Last Call review of -08 by Paul E. Hoffman (diff)
Assignment Reviewer Paul E. Hoffman
State Completed
Request Last Call review on draft-ietf-dime-ovli by Security Area Directorate Assigned
Reviewed revision 08 (document currently at 10)
Result Ready
Completed 2015-07-30
Greetings again. This document, "Diameter Overload Indication Conveyance", is a way for a Diameter server in a cluster to tell other servers in the cluster "don't send so many requests to me". It is pretty complex and fiddly, but seems sensible. The security considerations are numerous, but fairly well covered in the extensive Security Considerations section.

Note that there is not much that can really be done here to address the biggest concern of spoofing. As the document says:

   Diameter does not include features to provide end-to-end
   authentication, integrity protection, or confidentiality.  This may
   cause complications when sending overload reports between non-
   adjacent nodes.



(Nice use of "may" there...) So, there isn't much that can be demanded of this document without some obvious controls. Still, the Security Considerations section covers the likely attacks and problems.

--Paul Hoffman