Re: Evaluation: draft-ietf-ips-fcip-slp - Finding FCIP Entities Using SLPv2



In message <200307042242.SAA11327@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2003-07-03
>
>        Please return the full line with your position.
>
>                      Yes  No-Objection  Discuss  Abstain
>Steve Bellovin       [   ]     [   ]     [ X ]     [   ]

Figure 1 is very confusing -- the second machine has its stack on the 
top.  

The security considerations section is inadequate.  There is no 
mandatory-to-implement security mechanism; both SLPv2 authentication 
and IPsec are listed as optional.  At least one MUST be mandatory.
The draft speaks of distributing security policies; it doesn't say 
anything about what security policies, or where these come from, or why 
they must be confidential.  Nor is there any discussion of what it 
means for security policy distribution to be "supported".

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)