Last Call Review of draft-ietf-pim-join-attributes-for-lisp-05
review-ietf-pim-join-attributes-for-lisp-05-secdir-lc-weis-2016-10-27-00

Request: Review of draft-ietf-pim-join-attributes-for-lisp
Requested rev.: no specific revision (document currently at 06)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-10-24
Requested: 2016-10-14
Authors: Jesus Arango, Stig Venaas, Isidor Kouvelas, Dino Farinacci
Draft last updated: 2016-10-27
Completed reviews: Genart Last Call review of -05 by Lucy Yong
Secdir Last Call review of -05 by Brian Weis
Assignment Reviewer: Brian Weis
State: Completed
Review: review-ietf-pim-join-attributes-for-lisp-05-secdir-lc-weis-2016-10-27
Reviewed rev.: 05 (document currently at 06)
Review result: Ready
Review completed: 2016-10-27

Review
review-ietf-pim-join-attributes-for-lisp-05-secdir-lc-weis-2016-10-27

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I consider this draft to be Ready.

When a LISP-enabled site has a multicast source emitting messages to other LISP-enabled sites, PIM is used to report that there are multicast receivers within those LISP-enabled sites. These PIM messages are encapsulated with LISP over the provider network (“RLOC address space”) to a LISP ITR at the site containing the multicast source. This Internet-Draft adds an attribute to PIM that enables PIM at the LISP xTR in front of a multicast receiver to indicate how it would like to receive the multicast data packets. It may indicate that the LISP multicast data messages are to be sent as native multicast LISP encapsulated packets (replicated in the provider network) or as unicast LISP packets. When unicast packets are selected, another new attribute can indicate exactly which unicast receiver RLOC the multicast messages should be addressed to. Security considerations of the semantics for protecting the multicast data packets are outside the scope of this document.

These new attributes are all delivered in PIM messages, which are sent encapsulated in LISP, and if a user has chosen to protect the LISP traffic across the provider network for confidentiality or privacy reasons, and/or chosen to protect the PIM packets with an integrity method, then the new attributes will also be protected. The information in the attributes relates only to delivery of the packets, and there are no particular privacy considerations. The current Security Considerations section seems adequate.

Brian

-- 
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew at cisco.com
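The following is an added example, not part of the review above or of the draft, showing how a receiving PIM implementation might parse the two join attributes the review describes (a transport selector and a receiver RLOC) in the generic RFC 5384 join-attribute TLV format. The attribute type numbers, the transport values and the RLOC address encoding are assumptions for illustration only; the draft requests IANA assignments, so check the registry before relying on them.

```python
import ipaddress
import struct

# ASSUMED placeholder values: attribute types and transport codes are not
# taken from the draft text; consult the IANA PIM Join Attribute Types registry.
ATTR_TRANSPORT = 5
ATTR_RECEIVER_RLOC = 6
TRANSPORT_MULTICAST = 0   # native multicast, LISP-encapsulated and replicated
TRANSPORT_UNICAST = 1     # unicast LISP packets to a chosen receiver RLOC


def encode_attr(attr_type, value, forward=True, end=False):
    """Encode one RFC 5384 join attribute: |F|E|Attr_Type(6)| Length(8) | Value."""
    if not 0 <= attr_type < 64 or len(value) > 255:
        raise ValueError("attribute type or length out of range")
    first = (int(forward) << 7) | (int(end) << 6) | attr_type
    return struct.pack("!BB", first, len(value)) + value


def encode_rloc(addr):
    """Assumed PIM Encoded-Unicast form: AFI (1=IPv4, 2=IPv6), enc type 0, address."""
    ip = ipaddress.ip_address(addr)
    return struct.pack("!BB", 1 if ip.version == 4 else 2, 0) + ip.packed


def decode_attrs(data):
    """Walk the attribute chain, stopping at the attribute whose E bit is set."""
    attrs, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated attribute header")
        first, length = struct.unpack_from("!BB", data, off)
        value = data[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError("attribute length exceeds buffer")
        attrs.append((first & 0x3F, bytes(value)))
        off += 2 + length
        if first & 0x40:  # E bit: end of attribute list
            break
    return attrs


def delivery_request(data):
    """Return (transport, rloc); a receiver RLOC only counts with unicast transport."""
    transport, rloc = TRANSPORT_MULTICAST, None
    for attr_type, value in decode_attrs(data):
        if attr_type == ATTR_TRANSPORT and len(value) == 1:
            transport = value[0]
        elif attr_type == ATTR_RECEIVER_RLOC and len(value) >= 2:
            afi, addr = value[0], value[2:]
            if (afi, len(addr)) in ((1, 4), (2, 16)):   # AFI must match length
                rloc = str(ipaddress.ip_address(addr))
    return transport, (rloc if transport == TRANSPORT_UNICAST else None)
```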