RE: Evaluation: draft-ietf-ccamp-gmpls-sonet-sdh - Generalized Multiprotocol Label Switching Extensions for SONET and SDH Control to Proposed Standard
- To: "Steven M. Bellovin" <smb@research.att.com>
- Subject: RE: Evaluation: draft-ietf-ccamp-gmpls-sonet-sdh - Generalized Multiprotocol Label Switching Extensions for SONET and SDH Control to Proposed Standard
- From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
- Date: Thu, 6 Mar 2003 20:44:43 +0100
- Cc: Internet Engineering Steering Group <iesg@ietf.org>
So Steve to the Discuss and I would point him to where to look
to see if there are indeed security issues.

As far as I understand it:
- This document just defines a few extra RSVP-TE objects to be
  sent in RSVP protocol messages over the control channel
- It also defines a few extra CR-LDP TLVs to be sent in CR-LDP
  protocol messages over the control channel
- It defines how each end of the protocol exchange should compose
  the objects/TLVs and how to deal with them.
- So these are GMPLS-for-SONET extensions to the base GMPLS
  documents, specified in RFC3471 (functionality), RFC3472 (CR-LDP)
  and RFC3473 (RSVP-TE).
- Those original documents build on the original RSVP-TE and CR-LDP.
  So, they have
  - in RFC3471 they point to RFC3212, RFC3209 for security
    considerations.
    - RFC3212 (CR-LDP) basically points back to LDP (RFC3036) for
      security considerations, and that RFC3036 indeed has an
      extensive security considerations section (in sect 5,
      some 2.5 pages)
    - RFC3209 does speak about some extra security considerations
      for RSVP-TE which come on top of the base RSVP (RFC2205)
      which has security (quite extensive) considerations in
      sect 2.8.
  - in RFC3472 they point back to base CR-LDP (RFC3212) for
    security considerations
  - in RFC3473 they actually do somewhat better in that they do
    go into details on how to run things in a secure way.
    They also point back to RFC2747 for original RSVP
    Cryptographic Authentication.

So I think they have it pretty well covered.
It is kind of tough though to find exactly all the security
considerations.

Steve... I suspect you may need a bit of time to check all this.

Thanks,
Bert

> -----Original Message-----
> From: Steven M. Bellovin [mailto:smb@research.att.com]
> Sent: zaterdag 1 maart 2003 3:27
> To: IESG Secretary
> Cc: Internet Engineering Steering Group
> Subject: Re: Evaluation: draft-ietf-ccamp-gmpls-sonet-sdh -
> Generalized Multiprotocol Label Switching Extensions for SONET and
> SDH Control to Proposed Standard
>
>
> In message <200302282111.QAA13490@ietf.org>, IESG Secretary writes:
> >
> >Last Call to expire on: 2003-2-24
> >
> > Please return the full line with your position.
> >
> >                    Yes    No-Objection  Discuss *  Abstain
> >
> >Harald Alvestrand   [ ]       [ ]          [ ]        [ ]
> >Scott Bradner       [ ]       [ ]          [ ]        [ ]
> >Randy Bush          [ ]       [ ]          [ ]        [ ]
> >Patrik Faltstrom    [ ]       [ ]          [ ]        [ ]
> >Bill Fenner         [ ]       [ ]          [ ]        [ ]
> >Ned Freed           [ ]       [ ]          [ ]        [ ]
> >Marcus Leech        [ ]       [ ]          [ ]        [ ]
> >Allison Mankin      [ ]       [ ]          [ ]        [ ]
> >Thomas Narten       [ ]       [ ]          [ ]        [ ]
> >Erik Nordmark       [ ]       [ ]          [ ]        [ ]
> >Jeff Schiller       [ ]       [ ]          [ ]        [ ]
> >Bert Wijnen         [ X ]     [ ]          [ ]        [ ]
> >Alex Zinin          [ ]       [ ]          [ ]        [ ]
> >
>
> Why is Marcus's name on this ballot? (I notice that the ballot on the
> Web site shows me.)
>
>
> --Steve Bellovin, http://www.research.att.com/~smb (me)
> http://www.wilyhacker.com (2nd edition of "Firewalls" book)
>
>