Last Call Review of draft-ietf-nsis-ext-

Request Review of draft-ietf-nsis-ext
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-03-31
Requested 2010-03-12
Authors Roland Bless, Elwyn Davies, John Loughney, Jukka Manner
Draft last updated 2010-04-01
Completed reviews Secdir Last Call review of -?? by Shawn Emery
Secdir Telechat review of -?? by Shawn Emery
Assignment Reviewer Shawn Emery 
State Completed
Review review-ietf-nsis-ext-secdir-lc-emery-2010-04-01
Review completed: 2010-04-01


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft is an informational document that provides an overview of
the Next Steps in Signaling (NSIS) set of protocols, how to deploy said
protocols, and how to extend the set of NSIS protocols.

The security considerations section does exist and gives guidance for
any extensions to the NSIS protocol set.  It then talks about using
authentication, integrity checks, and authorization for any NSIS
supported routers.

The section continues guidance for extensions by making sure they
leverage NSIS' lower layer transport authentication and that any new
transport protocols created support NSIS' low layer authentication and
integrity check capabilities.

I think this section should include a reference to RFC 4081 for the
possible attack scenarios for NSIS when considering an extension to the
NSIS protocol set.

General comments:


Editorial comments:

3. The General Internet Signaling Transport

s/in future/in the future/

8. Extending the Protocols

s/identified in future/identified in the future/