Last Call Review of draft-ietf-alto-reqs-
review-ietf-alto-reqs-secdir-lc-hoffman-2012-01-23-00

Request Review of draft-ietf-alto-reqs
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-01-12
Requested 2011-12-29
Authors Sebastian Kiesel, Stefano Previdi, Martin Stiemerling, Richard Woundy, Y. Yang
Draft last updated 2012-01-23
Completed reviews Secdir Last Call review of -?? by Paul Hoffman
Assignment Reviewer Paul Hoffman
State Completed
Review review-ietf-alto-reqs-secdir-lc-hoffman-2012-01-23
Review completed: 2012-01-23

Review
review-ietf-alto-reqs-secdir-lc-hoffman-2012-01-23

Greetings again. This is a security review of draft-ietf-alto-reqs, "Application-Layer Traffic Optimization (ALTO) Requirements". An ALTO protocol would allow optimization of network resources when information is in multiple places; a client can ask a server where to get the information, and the server can give hopefully-intelligent answers based on what the server knows of the network load, server load, network topology, and so on.

This document does quite a good job of covering the many security issues with such a protocol. It lays out many of the competing security considerations, particularly the privacy of each party and, being a requirements document, doesn't answer any of the hard questions that will need to come in the upcoming protocol document.

--Paul Hoffman