Last Call Review of draft-ietf-ccamp-gmpls-g709-framework-14
review-ietf-ccamp-gmpls-g709-framework-14-secdir-lc-hanna-2013-09-05-00

Request
Review of: draft-ietf-ccamp-gmpls-g709-framework
Requested rev.: no specific revision (document currently at 15)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2013-09-02
Requested: 2013-08-22
Authors: Fatai Zhang, Dan Li, Han Li, Sergio Belotti, Daniele Ceccarelli
Draft last updated: 2013-09-05
Completed reviews: Genart Last Call review of -14 by Russ Housley
                   Secdir Last Call review of -14 by Steve Hanna

Assignment
Reviewer: Steve Hanna
State: Completed
Review: review-ietf-ccamp-gmpls-g709-framework-14-secdir-lc-hanna-2013-09-05
Reviewed rev.: 14 (document currently at 15)
Review result: Ready
Review completed: 2013-09-05

Review

I reviewed this document as part of the security directorate's ongoing 
effort to review all IETF documents being processed by the IESG.  These 
comments were written primarily for the benefit of the security area 
directors.  Document editors and WG chairs should treat these comments 
just like any other last call comments.

This document provides a framework to allow the development of 
protocol extensions to support Generalized Multi-Protocol Label 
Switching (GMPLS) and Path Computation Element (PCE) control of 
Optical Transport Networks (OTN) as specified in ITU-T Recommendation 
G.709. It's part of a group of four documents pertaining to G.709
that are all proceeding through the IESG.

Because I know little about GMPLS, PCE, OTN, or G.709, I found
this document to be a bit hard to understand. Probably if I read
all the references, I might understand it better. I'm afraid that
I don't have time for that.

I did review the Security Considerations section and found it
to be easy to understand. This section states that the threats
posed by an enhanced OTN control plane are no greater than the
threats posed by the existing, simpler OTN control plane. That
seems reasonable. In addition, the Security Considerations
section points to RFC 5920, which contains a thorough analysis
of the threats that may be mounted against MPLS/GMPLS networks
and the countermeasures that may be employed against these
threats. The threats and countermeasures described in RFC 5920
seem to be broad enough to encompass any additional issues
raised by this document.

My conclusion is that, within my limited scope of understanding
of this document, the Security Considerations section is adequate
and there are no troubling issues from a security perspective.

Thanks,

Steve