The IESG has approved following document:
- 'IP over Optical Networks: A Framework '
<draft-ietf-ipo-framework-05.txt> as an Informational RFC
This document is the product of the IP over Optical Working Group.
The IESG contact persons are Alex Zinin and Bert Wijnen.
RFC Editor Note
Section 9.1 "General security aspects"
OLD:
Communication protocols usually require two main security
mechanisms: authentication and confidentiality. Authentication
mechanisms ensure data origin verification and message integrity so
that intrusions and unauthorized operations can be detected and
mitigated. For example, with reference to Figure 1, message
authentication can prevent a malicious IP client from mounting a
denial of service attack against the optical network by invoking an
excessive number of connection creation requests across the UNI
interface.
NEW:
Communication protocols usually require two main security
mechanisms: authentication and confidentiality. Authentication
mechanisms ensure data origin verification and message integrity so
that intrusions and unauthorized operations can be detected and
mitigated. For example, with reference to Figure 1, message
authentication can prevent a malicious IP client from mounting a
denial of service attack against the optical network by invoking an
excessive number of connection creation requests across the UNI
interface. Another important security consideration is the need
to reject replayed control packets. This capability can assist in
countering some forms of denial of service attacks. Replay protection
provides a form of partial sequence integrity, and can be implemented
in conjunction with an authentication mechanism.
