Last Call Review of draft-ietf-nsis-ext-
review-ietf-nsis-ext-secdir-lc-emery-2010-04-01-00
| Request | Review of | draft-ietf-nsis-ext |
|---|---|---|
| Requested rev. | no specific revision (document currently at 07) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2010-03-31 | |
| Requested | 2010-03-12 | |
| Authors | Roland Bless, Elwyn Davies, John Loughney, Jukka Manner | |
| Draft last updated | 2010-04-01 | |
| Completed reviews |
Secdir Last Call review of -?? by Shawn Emery
Secdir Telechat review of -?? by Shawn Emery |
|
| Assignment | Reviewer | Shawn Emery |
| State | Completed | |
| Review | review-ietf-nsis-ext-secdir-lc-emery-2010-04-01 | |
| Review completed: | 2010-04-01 |
Review
review-ietf-nsis-ext-secdir-lc-emery-2010-04-01
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft describes is an informational document that provides an overview of the Next Steps in Signaling (NSIS) set of protocols, how to deploy said protocols, and how to extend the set of NSIS protocols. The security considerations section does exist and gives guidance for any extensions to the NSIS protocol set. It then talks about using authentication, integrity checks, and authorization for any NSIS supported routers. The section continues guidance for extensions by making sure they leverage NSIS' lower layer transport authentication and that any new transport protocols created support NSIS' low layer authentication and integrity check capabilities. I think this section should include a reference to RFC 4081 for the possible attack scenarios for NSIS when considering an extension to the NSIS protocol set. General comments: None. Editorial comments: 3. The General Internet Signaling Transport s/in future/in the future/ 8. Extending the Protocols s/identified in future/identified in the future/ -- Shawn.