Last Call Review of draft-ietf-pim-join-attributes-for-lisp-05
review-ietf-pim-join-attributes-for-lisp-05-secdir-lc-weis-2016-10-27-00

Request Review of draft-ietf-pim-join-attributes-for-lisp
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-10-24
Requested 2016-10-14
Authors Jesus Arango, Stig Venaas, Isidor Kouvelas, Dino Farinacci
Draft last updated 2016-10-27
Completed reviews Genart Last Call review of -05 by Lucy Yong (diff)
Secdir Last Call review of -05 by Brian Weis (diff)
Assignment Reviewer Brian Weis
State Completed
Review review-ietf-pim-join-attributes-for-lisp-05-secdir-lc-weis-2016-10-27
Reviewed revision 05 (document currently at 06)
Result Ready
Completed 2016-10-27
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

I consider this draft to be Ready.

When a LISP-enabled site has a multicast source emitting messages to other
LISP-enabled sites, PIM is used to report that there are multicast receivers
within those LISP-enabled sites. These PIM messages are encapsulated with LISP
over the provider network (“RLOC address space”) to a LISP ITR at the site
containing the multicast source. This Internet-Draft adds an attribute to PIM
that enables PIM at the LISP xTR in front of a multicast receiver to indicate
how it would like to receive the multicast data packets. It may indicate that
the LISP multicast data messages are to be sent as native multicast LISP
encapsulated packets (replicated in the provider network) or as unicast LISP
packets. When unicast packets are selected, another new attribute can indicate
exactly which unicast receiver RLOC the multicast messages should be
addressed to. Security considerations of the semantics for protecting the
multicast data packets are outside the scope of this document.

These new attributes are all delivered in PIM messages, which are sent
encapsulated in LISP, and if a user has chosen to protect the LISP traffic
across the provider network for confidentiality or privacy reasons, and/or
chosen to protect the PIM packets with an integrity method, then the new
attributes will also be protected. The information in the attributes relates
only to delivery of the packets, and there are no particular privacy
considerations. The current Security Considerations section seems adequate.

Brian

--
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew at cisco.com