Last Call Review of draft-ietf-ccamp-gmpls-mln-extensions-

Request Review of draft-ietf-ccamp-gmpls-mln-extensions
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-03-02
Requested 2010-02-05
Authors Jean-Louis Le Roux, Deborah Brungard, Papadimitriou Dimitri, Kohei Shiomoto, Martin Vigoureux
Draft last updated 2010-03-03
Completed reviews Secdir Last Call review of -?? by Shawn Emery
Assignment Reviewer Shawn Emery
State Completed
Review review-ietf-ccamp-gmpls-mln-extensions-secdir-lc-emery-2010-03-03
Review completed: 2010-03-03


I have reviewed this document as part of the security directorate's 

ongoing effort to review all IETF documents being processed by the 

IESG.  These comments were written primarily for the benefit of the 

security area directors. Document editors and WG chairs should treat 

these comments just like any other last call comments.

This draft describes protocol extensions for interfacing with 

Generalized Multi Protocol Label Switching (GMPLS) 

Multi-Layer/Multi-Region Networks.

The security considerations section does exist and references 

draft-ietf-mpls-mpls-and-gmpls-security-framework for the various 

attacks and their possible solutions regarding MPLS/GMPLS.  The section 

then discloses that a call controller should not be reachable from an 

external Traffic Engineering domain.  Then discusses that in order to 

prevent MITM attacks that IKE MUST be used between edge nodes and 

terminating calls.  After reading this draft and the security-framework 

draft it seems that they cover the threat models sufficiently.

General comments:


Editorial comments:


PSC and L2SC are expanded, therefore:
s/TDM/Time-Division Multiplexing (TDM)/

- -