[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-ips-fcip-slp - Finding FCIP Entities Using SLPv2
In message <200307042242.SAA11327@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2003-07-03
>
> Please return the full line with your position.
>
> Yes No-Objection Discuss Abstain
>Steve Bellovin [ ] [ ] [ X ] [ ]
Figure 1 is very confusing -- the second machine has its stack on the
top.
The security considerations section is inadequate. There is no
mandatory-to-implement security mechanism; both SLPv2 authentication
and IPsec are listed as optional. At least one MUST be mandatory.
The draft speaks of distributing security policies; it doesn't say
anything about what security policies, or where these come from, or why
they must be confidential. Nor is there any discussion of what it
means for security policy distribution to be "supported".
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)