Re: Secdir last call review of draft-ietf-pim-source-discovery-bsr-07


Hi Stig,
Your feedback looks fine to me.

Thanks!

B.R.
Frank

-----Original Message-----
From: Stig Venaas [mailto:stig@xxxxxxxxxx]
Sent: January 17, 2018 1:51
To: Xialiang (Frank)
Cc: secdir@xxxxxxxx; draft-ietf-pim-source-discovery-bsr.all@xxxxxxxx; ietf@xxxxxxxx; pim@xxxxxxxx; The IESG
Subject: Re: Secdir last call review of draft-ietf-pim-source-discovery-bsr-07

Thanks for great feedback!

I've tried to address all of your comments. I'm planning to add this paragraph to the security considerations.

PIM-SM link-local messages can be authenticated using IPsec, see [RFC7761] section 6.3 and [RFC5796]. Since PFM messages are link-local messages sent hop by hop, a link-local PFM message can be authenticated using IPsec such that a router can verify that a message was sent by a trusted neighbor and has not been modified. However, to verify that a received message contains correct information announced by the originator specified in the message, one will have to trust every router on the path from the originator and that each router has authenticated the received message.

Let me know if you have any comments on that paragraph.
Thanks,
Stig

On Sun, Jan 7, 2018 at 10:22 PM, Liang Xia <frank.xialiang@xxxxxxxxxx> wrote:
> Reviewer: Liang Xia
> Review result: Has Issues
>
> Nits:
> 1. In the Abstract, the abbreviation is missing where the terms first
> appear, such as: Sparse-Mode, Rendezvous Point;
> 2. Every word in the section titles should be in the capital form
>
> Issues:
> 1. In Security Considerations section, should one sentence be "even
> if the sources are actually not active"?
> 2. Generally, the peer authentication (by certificate, shared key...)
> and the message integration protection are always helpful to defend
> against the forged routers and PEM messages, even the resulted
> resource consumption. But in current Security Considerations section,
> there is nothing discussed about these countermeasures, even in the
> general way. Suggest to consider this point personally.
>



