Last Call Review of draft-ietf-pwe3-mpls-eth-oam-iwk-
review-ietf-pwe3-mpls-eth-oam-iwk-secdir-lc-hanna-2012-08-21-00

Request Review of draft-ietf-pwe3-mpls-eth-oam-iwk
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-08-20
Requested 2012-08-10
Other Reviews Genart Last Call review of -06 by David Black (diff)
Genart Telechat review of -07 by David Black (diff)
Review State Completed
Reviewer Steve Hanna
Review review-ietf-pwe3-mpls-eth-oam-iwk-secdir-lc-hanna-2012-08-21
Posted at http://www.ietf.org/mail-archive/web/secdir/current/msg03479.html
Review result Ready
Draft last updated 2012-08-21
Review completed: 2012-08-21

Review
review-ietf-pwe3-mpls-eth-oam-iwk-secdir-lc-hanna-2012-08-21

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes how underlying defects in individual circuits
or pseudowires should be mapped in order to provide emulated Ethernet
service. I know very little about this area but I have reviewed the
document and the primary references.

Apparently, pseudowires provide little security themselves although
supplemental security mechanisms may be used. In that context, this
document seems to add no new security concerns. If security measures
are not used, OAM messages can be fabricated, modified, or viewed in
transit but this is arguably no worse than the lack of protection
for all the other traffic flowing over pseudowires.

The Security Considerations section in this document mainly points to
the Security Considerations sections in several more fundamental
documents. Those sections clearly describe the threats inherent in
this design so I see no need for changes to this document.

Thanks,

Steve