draft-ietf-ccamp-gmpls-architecture

[Steve Bellovin <smb@research.att.com>]

        Please return the full line with your position.

                    Yes    No-Objection  Discuss *  Abstain  


Steve Bellovin      [   ]     [   ]       [ x ]      [   ] 


Nit:  section 4 says

   Re-using existing IP routing protocols allows for non-PSC layers to
   take advantages of all the valuable developments that took place
   since years for IP routing,

which isn't grammatically correct.

The Security Considerations section hints at, but doesn't follow
through with, the difference between authentication and authorization.
The requirement for cryptographic authentication or encryption
depends on the risk of attackers being able to inject and/or snoop
on traffic.  This may or may not be correlated with intra-domain vs.
inter-domain GMPLS.  The physical characteristics and exposure of the
link matter more; there may be additional exposure since it appears that
the control plane link may be more than one hop long.

The authorization question is what resources a given node may request
of another.  This may indeed be differ for inter-domain and intra-domain
GMPLS.  On the other hand, imposing such limits even internally helps
guard against spreading break-ins, and has useful effects with regard
to configuration errors.

The more important question raised by this latter point is whether or
not a security architecture is needed that specifies what sorts of
restrictions can be applied.  I don't know the answer to that one; clearly,
though, implementors are going to have to decide.