Last Call Review of draft-ietf-pwe3-mpls-eth-oam-iwk-
review-ietf-pwe3-mpls-eth-oam-iwk-secdir-lc-hanna-2012-08-21-00
Request | Review of | draft-ietf-pwe3-mpls-eth-oam-iwk |
---|---|---|
Requested revision | No specific revision (document currently at 08) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2012-08-20 | |
Requested | 2012-08-10 | |
Authors | Dinesh Mohan , Dr. Nabil N. Bitar , Ali Sajassi , Simon DeLord , Philippe Niger , Ray (Lei) Qiu | |
I-D last updated | 2012-08-21 | |
Completed reviews |
Genart Last Call review of -06
by David L. Black
(diff)
Genart Telechat review of -07 by David L. Black (diff) Secdir Last Call review of -?? by Steve Hanna |
|
Assignment | Reviewer | Steve Hanna |
State | Completed | |
Request | Last Call review on draft-ietf-pwe3-mpls-eth-oam-iwk by Security Area Directorate Assigned | |
Result | Ready | |
Completed | 2012-08-21 |
review-ietf-pwe3-mpls-eth-oam-iwk-secdir-lc-hanna-2012-08-21-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes how underlying defects in individual circuits or pseudowires should be mapped in order to provide emulated Ethernet service. I know very little about this area but I have reviewed the document and the primary references. Apparently, pseudowires provide little security themselves although supplemental security mechanisms may be used. In that context, this document seems to add no new security concerns. If security measures are not used, OAM messages can be fabricated, modified, or viewed in transit but this is arguably no worse than the lack of protection for all the other traffic flowing over pseudowires. The Security Considerations section in this document mainly points to the Security Considerations sections in several more fundamental documents. Those sections clearly describe the threats inherent in this design so I see no need for changes to this document. Thanks, Steve