Last Call Review of draft-ietf-nsis-ext-
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This draft is an informational document that provides an
overview of the Next Steps in Signaling (NSIS) set of protocols, how to
deploy said protocols, and how to extend the set of NSIS protocols.
The security considerations section does exist and gives guidance for
any extensions to the NSIS protocol set. It then talks about using
authentication, integrity checks, and authorization for any NSIS
The section continues guidance for extensions by making sure they
leverage NSIS' lower layer transport authentication and that any new
transport protocols created support NSIS' lower layer authentication and
integrity check capabilities.
I think this section should include a reference to RFC 4081 for the
possible attack scenarios for NSIS when considering an extension to the
NSIS protocol set.
3. The General Internet Signaling Transport
s/in future/in the future/
8. Extending the Protocols
s/identified in future/identified in the future/