SECDIR review of draft-ietf-forces-model-14

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes an information model for describing forwarding
elements within the ForCES framework.  In this model, forwarding
elements are constructed as a network of Logical Functional Blocks with
a well-defined interconnection topology.  The document seems
functionally complete and consistent.

The document defines an XML syntax for describing FE capabilities and
states.  This structure (in some semanticaly equivalent encoding) will
be the basis for such descriptions within the ForCES protocol.  Section
7 makes clear that FE descriptions constructed according to this model
will be used to communicate FE topology information for several purposes.

Given that attacks on this information while en route between ForCES 
entities are dealt with in RFC 3746, what seems to me to be missing here 
is a discussion of what risks an entity can introduce by 
mis-constructing a model, i.e., by communicating false information 
within the protocol.  For example, could an FE prevent a CE from 
controlling certain LFBs by omitting them from the topology it reports? 
Some discussion of these risks would be helpful.

Overall, however, I think this document adequately addresses relevant
security concerns.

--Richard

_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]