Last Call Review of draft-ietf-nsis-ext-
review-ietf-nsis-ext-secdir-lc-emery-2010-04-01-00

Request Review of draft-ietf-nsis-ext
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-03-31
Requested 2010-03-12
Other Reviews Secdir Telechat review of - by Shawn Emery (diff)
Review State Completed
Reviewer Shawn Emery
Review review-ietf-nsis-ext-secdir-lc-emery-2010-04-01
Posted at http://www.ietf.org/mail-archive/web/secdir/current/msg01564.html
Draft last updated 2010-04-01
Review completed: 2010-04-01

Review
review-ietf-nsis-ext-secdir-lc-emery-2010-04-01

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.



This draft is an informational document that provides an overview of
the Next Steps in Signaling (NSIS) set of protocols, how to deploy said
protocols, and how to extend the set of NSIS protocols.

The security considerations section does exist and gives guidance for
any extensions to the NSIS protocol set.  It then talks about using
authentication, integrity checks, and authorization for any NSIS
supported routers.

The section continues guidance for extensions by making sure they
leverage NSIS' lower layer transport authentication and that any new
transport protocols created support NSIS' low layer authentication and
integrity check capabilities.

I think this section should include a reference to RFC 4081 for the
possible attack scenarios for NSIS when considering an extension to the
NSIS protocol set.

General comments:

None.

Editorial comments:

3. The General Internet Signaling Transport

s/in future/in the future/


8. Extending the Protocols

s/identified in future/identified in the future/

--
Shawn.