Last Call Review of draft-ietf-ccamp-gmpls-ethernet-arch-
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Section 9, Security Considerations.
"The architecture for GMPLS controlled "transport" Ethernet assumes that the network consists of trusted devices" I believe what is meant is "The architecture for GMPLS controlled "transport" Ethernet assumes that the GMPLS core network consists of trusted devices". This is fairly vague, and it would be useful to use the terms from draft-ietf-mpls-mpls-and-gmpls-security-framework-07, and say something like "A GMPLS controlled "transport" Ethernet system should assume that users and devices attached to UNIs may behave maliciously, negligently, or incorrectly. Providers are trusted to not be

The document refers the reader to draft-ietf-mpls-mpls-and-gmpls-security-framework-07 for most security considerations, which is a fair thing to do.

encryption, so I suggest adding a reference to IEEE 802.1AE Media Access Control (MAC) Security, like this: "Cryptography can be used to protect against many attacks described in [draft-ietf-mpls-mpls-and-gmpls-security-framework-07]. One option for protecting "transport" Ethernet is the use of 802.1AE Media Access Control Security, which provides encryption and authentication."

Nit: Section 1. "SONET/SDH TDM" needs a comma.