Last Call Review of draft-ietf-opsec-protect-control-plane-
review-ietf-opsec-protect-control-plane-secdir-lc-zorn-2010-12-16-00
| Request | Review of | draft-ietf-opsec-protect-control-plane |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2010-12-14 | |
| Requested | 2010-11-22 | |
| Authors | Dave Dugal , Carlos Pignataro , Rodney Dunn | |
| I-D last updated | 2010-12-16 | |
| Completed reviews |
Secdir Last Call review of -??
by Glen Zorn
|
|
| Assignment | Reviewer | Glen Zorn |
| State | Completed | |
| Request | Last Call review on draft-ietf-opsec-protect-control-plane by Security Area Directorate Assigned | |
| Completed | 2010-12-16 |
review-ietf-opsec-protect-control-plane-secdir-lc-zorn-2010-12-16-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
Section 3.1 says:
o Permit RADIUS authentication and accounting replies from RADIUS
servers 198.51.100.9, 198.51.100.10, 2001:DB8:100::9, and 2001:
DB8:100::10 that are listening on UDP ports 1645 and 1646. Note
that this doesn't account for a server using Internet Assigned
Numbers Authority (IANA) ports 1812 and 1813 for RADIUS.
So, in other words, RADIUS traffic on the ports (officially assigned for
more than ten years now) will be blocked. This seems like a very poor
example.