Last Call Review of draft-ietf-pwe3-ms-pw-arch-
review-ietf-pwe3-ms-pw-arch-secdir-lc-yu-2009-06-22-00

Request: Review of draft-ietf-pwe3-ms-pw-arch
Requested rev.: no specific revision (document currently at 07)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2009-06-30
Requested: 2009-06-05
Review State: Completed
Reviewer: Taylor Yu
Review: review-ietf-pwe3-ms-pw-arch-secdir-lc-yu-2009-06-22
Posted at: http://www.ietf.org/mail-archive/web/secdir/current/msg00728.html
Draft last updated: 2009-06-22
Review completed: 2009-06-22

Review

Security-related comments:

My observations on the security-related content of this document focus
on the ambiguity of the text in a few places.  I suspect that details
resolving those ambiguities are available elsewhere, which would make
the ambiguity only a minor problem, but I believe that this document
should contain at least a summary of those details or a citation to
where the reader can find those details.

In Section 13, "Security Considerations", the sentence "However,
S-PEs represent a point in the network where the PW label is exposed
to additional processing." needs clear elaboration.  The PW label is
not mentioned again in that section.  What are the risks associated
with this additional processing?  Is a breach of the integrity or
confidentiality of the pseudowire (PW) label a threat?  Or is the
issue that a PW Switching Provider Edge (S-PE) may misdirect or
otherwise tamper with a PW segment due to malice, malfunction, or
misconfiguration?

As in RFC 5254 (referenced in this document), the word "trust" appears
in multiple places in the Security Considerations sections without
adequate specification, in my opinion.  There may be additional
disambiguating context for the uses of the word "trust" in RFC 5254
and this document that I am not familiar with.  The most reasonable
interpretation that I can attach to words such as "trust" and
"eligible" in the Security Considerations of these documents is that
they refer to the policy of the operator of some network participating
in the pseudowire.  Ambiguity remains concerning the specific entity
whose policy applies in any given instance of those words, but I
expect that I would find it more clear once I had more context.

Editorial comments:

The references section does not distinguish between normative and
informative references.  By the context of their citations, I infer
that all of the cited references are normative.  If this is true, the
subsection (or section) heading should reflect this fact.

Section 11, "Congestion Considerations", includes an editor's note to
reference draft-ietf-pwe3-congestion-frmwk-01.txt, which has expired.

Trailing whitespace occurs on many lines of this document.  While
cosmetic in nature, it did complicate copying and pasting from this
document.