[Last-Call] Secdir telechat review of draft-ietf-alto-path-vector-22

Reviewer: Samuel Weiler
Review result: Not Ready

The security considerations text in this document has changed markedly - and
multiple times - from when I reviewed it at version -19.  I'm flagging this as
"Not Ready" mostly because I think it deserves another set of eyes (e.g. the
ADs').

An intermediate version (-20) required the use of Digital Rights Management
(DRM).  In -22, that's toned down to a recommendation.  What other non-DRM
technical solutions might help?

It feels weird to have the server being instructed to do out-of-band things,
e.g.:

           The ALTO server MUST carefully verify that the deployment
           scenario satisfies the security assumptions of these methods before
           applying them to protect Path Vector services with sensitive network
           information.

This sounds like a requirement for the operator of the server, which the server
is in no position to enforce - and we're providing no technical measure for
enforcing.


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


