Last Call Review of draft-ietf-cdni-requirements-12

Request Review of draft-ietf-cdni-requirements
Requested rev. no specific revision (document currently at 17)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-12-03
Requested 2013-11-07
Authors Kent Leung, Yiu Lee
Draft last updated 2013-12-05
Completed reviews Genart Last Call review of -12 by Christer Holmberg (diff)
Genart Last Call review of -13 by Christer Holmberg (diff)
Secdir Last Call review of -12 by Shawn Emery (diff)
Opsdir Last Call review of -12 by Carlos Pignataro (diff)
Assignment Reviewer Shawn Emery 
State Completed
Review review-ietf-cdni-requirements-12-secdir-lc-emery-2013-12-05
Reviewed rev. 12 (document currently at 17)
Review result Ready
Review completed: 2013-12-05


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational internet-draft describes the requirements to integrate
multiple Content Delivery Networks (CDNs) for Content Service Providers (CSPs)
so that end users have a single point of access for content.

The security considerations section does exist and refers to a separate section
for the discussion on security requirements.  This section gives requirements
priorities from high to low on the various types of attacks.  The high level
priorities are for authentication, confidentiality, integrity protection,
protection against replay, spoofing, and DoS attacks.  Since it is a requirements
specification there is purposefully no discussion on how to mitigate against such

General comments:


Editorial comments: