
Comments: draft-ietf-forces-framework-08



As a matter of taste, I would like to see the usual RFC 2119 text inside
Section 1, which is all about definitions.

In section 4.2.2, the document says that a security protocol will be used for
authentication. Clearly, an authorization decision needs to be made following
successful authentication. Section 4.3 needs to discuss authorization as
well.

Section 4.2.2 contains a forward reference to section 9. I suspect that this
should be a reference to section 7.

In section 4.2.5, there is no discussion of security. Given the authentication
(and needed authorization) discussion in section 4.2.2, it seems that authentication
and authorization need to be discussed in the context of the proxy.

Section 7.1.2 needs to include authorization too.

In section 7.2, the phrase "inside a box" should be expanded to include a
physically secure room.

In the 2nd paragraph of section 7.2.3, please change "Ipsec's" to "IPsec's".

Section 7.2 suggests the use of IPsec or TLS for security between the ForCES
components. It seems that there are advantages to using a layer 2 security
protocol. In particular, a protocol like SDE (IEEE 802.10b) would limit
participation to components attached directly to the LAN segment.