Skip to main content

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)
RFC 5713

Yes

(Ralph Droms)

No Objection

Lars Eggert
(Adrian Farrel)
(Cullen Jennings)
(Dan Romascanu)
(Robert Sparks)
(Ron Bonica)

Note: This ballot was opened for revision 08 and is now closed.

Lars Eggert No Objection

(Ralph Droms; former steering group member) Yes

Yes ()

                            

(Adrian Farrel; former steering group member) No Objection

No Objection ()

                            

(Cullen Jennings; former steering group member) No Objection

No Objection ()

                            

(Dan Romascanu; former steering group member) (was Discuss) No Objection

No Objection ()

                            

(Robert Sparks; former steering group member) No Objection

No Objection ()

                            

(Ron Bonica; former steering group member) No Objection

No Objection ()

                            

(Tim Polk; former steering group member) No Objection

No Objection (2009-07-02)
In section 3, first paragraph after the list of components:

   The threat model and the security requirments in this draft consider this
   later case.

s/later/latter/

In section 4, the document identifies three classes of attacks, but bullet three seems to identify two overlapping classes:

   o  attacks to gain profit for the attacker (e.g., by modifying the
      QoS settings).  Also, through replaying old packets, of another
      privileged client for instance, an attacker can attempt to
      configure a better QoS profile on its own DSL line increasing its
      own benefit.

This is fine if there are no attacks that gain profit which do not involve modifying the
QoS settings.  Are the authors confident that there are 3 rather than 4 classes?