Last Call Review of draft-ietf-l2vpn-pbb-evpn-09
review-ietf-l2vpn-pbb-evpn-09-secdir-lc-meadows-2015-01-22-00
Request | Review of | draft-ietf-l2vpn-pbb-evpn |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2015-01-26 | |
Requested | 2015-01-02 | |
Authors | Ali Sajassi , Samer Salam , Dr. Nabil N. Bitar , Aldrin Isaac , Wim Henderickx | |
I-D last updated | 2015-01-22 | |
Completed reviews |
Genart Last Call review of -09
by Christer Holmberg
(diff)
Secdir Last Call review of -09 by Catherine Meadows (diff) Opsdir Last Call review of -09 by Melinda Shore (diff) Rtgdir Early review of -09 by John Drake (diff) |
|
Assignment | Reviewer | Catherine Meadows |
State | Completed | |
Request | Last Call review on draft-ietf-l2vpn-pbb-evpn by Security Area Directorate Assigned | |
Reviewed revision | 09 (document currently at 10) | |
Result | Has issues | |
Completed | 2015-01-22 |
review-ietf-l2vpn-pbb-evpn-09-secdir-lc-meadows-2015-01-22-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft describes a method for integrating Ethernet Provider Backbone Bridge (PBB) with Ethernet VPN (EVPN) to improve the delivery of MAC addresses, in particular with respect to scalability. I don’t see any security concerns with this draft, but I do have some comments on the Security Considerations section. It is very short, and all it says that the security considerations in the EVPN draft apply directly to this draft. I assume that it is also the case that this draft introduces no new security considerations. If so, you should say so, and you should also say why. Also, I was wondering if the mechanisms introduced in this draft, by introducing a greater degree of organization in the delivery of MAC addresses, makes it easier to detect duplicated MACs, which were mentioned as a security risk in the Security Considerations of the EVPN draft. If this is the case, it would be a good thing to mention here. I’d consider the draft somewhere between ready with nits and ready with issues. I don’t see any real security issues here, just a Security Considerations section that needs to be expanded a little, but this seems to be a little more than what the secdir guidelines would call a nit. Cathy Meadows Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows at nrl.navy.mil