Telechat Review of draft-ietf-tsvwg-rsvp-security-groupkeying-
|Requested revision||No specific revision (document currently at 11)|
|Team||Security Area Directorate (secdir)|
|Authors||Michael H. Behringer, Brian Weis, François Le Faucheur|
|I-D last updated||2011-08-14|
Secdir Early review of -?? by Stephen Kent
Secdir Telechat review of -?? by Stephen Kent
Title: draft-ietf-tsvwg-rsvp-security-groupkeying-10.txt

This is a quick re-check.

I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document (draft-ietf-tsvwg-rsvp-security-groupkeying-10.txt) compares group keying vs. per-neighbor or per-interface keying options for RSVP. It also examines the applicability of various protocol security mechanisms (e.g., IPsec and the RSVP INTEGRITY object) in different "trust" contexts, and for different RSVP message types.

This is a very well-written document. The Security Consideration section is but one sentence, because the whole document is an analysis of security issues associated with key management and protocol options for RSVP security. I wish more documents were of this quality!