Last Call Review of draft-ietf-teas-5g-ns-ip-mpls-15
review-ietf-teas-5g-ns-ip-mpls-15-secdir-lc-salowey-2025-01-29-00
review-ietf-teas-5g-ns-ip-mpls-15-secdir-lc-salowey-2025-01-29-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is ready, but could possibly be improved. The document does have security considerations that highlight some of the areas in the architecture where security controls can be applied. It leaves most of the details of the these controls to other documents, which seems appropriate. As someone not intimately familiar with slices I found it little hard to determine if other should be considered in other sections of the document to help enforce the desired isolation. It would be helpful to understand what security guarantees the isolation is expected to provide and what deployment parameters and choices affect those guarantees. It could be that the list in the security considerations section is complete, but it seemed a bit short. For example it mentions NSC authentication in security considerations as out of scope, an this is the only mention of the NSC authentication. As a somewhat naive reader I'm not sure where this control would be applied and how it affects the architecture, this may be discussed in other documents but after a brief investigation this wasn't clear. The authors should consider if the document should list additional places where security controls can be applied to reach isolation goals.