"Security Considerations" for draft-ietf-tewg-diff-te-reqts-07.txt

["Francois Le Faucheur (flefauch)" <flefauch@cisco.com>]

Hello,

We are doing the final edits in order to issue reqts-07. But before
issueing it, I would like to close-off the final wording for the updated
"Security Considerations" section.

Here is what I anm proposing to incorporate:

"
The solution developed to address the DS-TE requirements defined in this
document MUST address security aspects. DS-TE does not raise any
specific additional security requirements beyond the existing security
requirements of MPLS TE and Diff-Serv. The solution MUST ensure that the
existing security mechanisms (including those protecting against DOS
attacks) of MPLS TE and Diff-Serv are not compromised by the
protocol/procedure extensions of the DS-TE solution or otherwise MUST
provide security mechanisms to address this.
"

This is attempting to address both the concerns from Bert and those from
David on DOS attacks (see excerpts below).

Please let us know promptly if you still see any issue with this
wording.
Thanks

Francois


===============================================

>> > "
>> > The solution developed to address the requirements defined in this
>> > document must address security aspects. DS-TE does not raise any
>> > specific additional security requirements beyond the 
>> existing security
>> > requirements of MPLS TE and Diff-Serv. The solution must 
>> > ensure that the
>> > existing security mechanisms of MPLS TE and Diff-Serv are not
>> > compromised by the solution protocol/procedure extensions 
>> or otherwise
>> > must provide security mechanisms to address this. 
>> > "
>> > 
>> That sounds much better to me. 
>> 

============================================================

>> If nothing else, then at least list the fact that
>> any protocols that get developed need to pay specific attention to
>> ensure that DoS attackes are prevented as much as possible.