Thanks Richard. It is heartening that someone from another aspect of the community can read and understand the document.

I will await instructions from the ADs as to whether some text on the degree of control a lying FE can exercise while misleading the CE (almost unlimited) is a helpful thing to add to the security considerations section.

Again, thank you for the effort and the comment,
Joel

Richard Barnes wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This document describes an information model for describing forwarding
> elements within the ForCES framework. In this model, forwarding
> elements are constructed as a network of Logical Functional Blocks with
> a well-defined interconnection topology. The document seems
> functionally complete and consistent.
>
> The document defines an XML syntax for describing FE capabilities and
> states. This structure (in some semantically equivalent encoding) will
> be the basis for such descriptions within the ForCES protocol. Section
> 7 makes clear that FE descriptions constructed according to this model
> will be used to communicate FE topology information for several purposes.
>
> Given that attacks on this information while en route between ForCES
> entities are dealt with in RFC 3746, what seems to me to be missing here
> is a discussion of what risks an entity can introduce by
> mis-constructing a model, i.e., by communicating false information
> within the protocol. For example, could an FE prevent a CE from
> controlling certain LFBs by omitting them from the topology it reports?
> Some discussion of these risks would be helpful.
>
> Overall, however, I think this document adequately addresses relevant
> security concerns.
>
> --Richard
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf