Last Call Review of draft-ietf-mpls-tp-security-framework-07
review-ietf-mpls-tp-security-framework-07-secdir-lc-weis-2013-02-21-00
| Request | Review of draft-ietf-mpls-tp-security-framework |
|---|---|
| Requested revision | No specific revision (document currently at 09) |
| Type | Last Call Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2013-02-19 |
| Requested | 2013-01-25 |
| Authors | Luyuan Fang, Ben Niven-Jenkins, Scott Mansfield, Richard F. Graveman |
| I-D last updated | 2013-02-21 |
| Completed reviews | Genart Last Call review of -07 by Dan Romascanu; Genart Telechat review of -08 by Dan Romascanu; Secdir Last Call review of -07 by Brian Weis |
| Assignment | Reviewer: Brian Weis |
| State | Completed |
| Request | Last Call review on draft-ietf-mpls-tp-security-framework by Security Area Directorate (Assigned) |
| Reviewed revision | 07 (document currently at 09) |
| Result | Ready |
| Completed | 2013-02-21 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides a security framework for Multiprotocol Label Switching Transport Profile (MPLS-TP). It is based upon RFC 5920 ("MPLS and GMPLS security framework"), but particularly addresses MPLS-TP extensions. It starts with a good background on the security reference models, highlighting "trusted zones" and "untrusted zones" of various network architectures. It then outlines threats in an MPLS network that are particularly important to MPLS-TP. The primary mitigation for threats to the infrastructure is to use some form of packet authentication, and this is well covered. It also stresses threats and mitigations to using a network management system used to provision MPLS-TP network elements.

Draft -08 is much improved over -07, and I believe is ready to publish.

Brian