Telechat Review of draft-ietf-mpls-tp-security-framework-08
review-ietf-mpls-tp-security-framework-08-genart-telechat-romascanu-2013-02-19-00

Request Review of draft-ietf-mpls-tp-security-framework
Requested rev. no specific revision (document currently at 09)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2013-02-19
Requested 2013-02-07
Authors Luyuan Fang, Ben Niven-Jenkins, Scott Mansfield, Richard Graveman
Draft last updated 2013-02-19
Completed reviews Genart Last Call review of -07 by Dan Romascanu (diff)
Genart Telechat review of -08 by Dan Romascanu (diff)
Secdir Last Call review of -07 by Brian Weis (diff)
Assignment Reviewer Dan Romascanu
State Completed
Review review-ietf-mpls-tp-security-framework-08-genart-telechat-romascanu-2013-02-19
Reviewed rev. 08 (document currently at 09)
Review result Ready
Review completed: 2013-02-19

Review
review-ietf-mpls-tp-security-framework-08-genart-telechat-romascanu-2013-02-19

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at

<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-ietf-mpls-tp-security-framework-07
Reviewer: Dan Romascanu
Review Date: 1/31/13
IETF LC End Date: 2/6/13
IESG Telechat date: (if known)

Summary: Ready with Issues

This is a short, well-written and useful document that supplements RFC 5920 with information on reference models, security threats and defense techniques specific to MPLS-TP. There is one major issue which I believe should be fixed and is not too difficult to fix if the authors agree. 

Major issues:

One of the major features of extending MPLS in MPLS-TP is rightly identified in the words of the Abstract as the 'strong emphasis on static provisioning supported by network management systems'. However Sections 3 and 4 miss to describe accurately the threats introduced by provisioning tools and the defensive techniques that need to be put in place in order to address these threats. 

Section 3 speaks about 'attacks to NMS' but this is quite vague (what kind of attacks?) and incomplete, as it is not only the NMS that can be attacked but also the communication between the NMS and the routers that are being provisioned, as well as the access of the users to the provisioning tools. Threats like disclosure of information, masquerade (as NMS) or access of unauthorized users to the provisioning information and controls need to be clearly articulated here. 

In Section 4 the corresponding defensive techniques need to be listed, or at least make clear that techniques like entity authentication for identity verification, encryption for confidentiality, message integrity and replay detection to ensure the validity of message streams, as well as users access control and events logging need to apply also for NMS applications and provisioning traffic. 

Minor issues: 

Nits/editorial comments:

1. Several acronyms are not expanded at first occurrence: PE/T-PE, GAL

2. Inconsistent abbreviation: T-PE in the text, TPE in figures 2-5

3. The first sentence in Section 3 seems broken grammatically: 

> This section discuss various network security threats which are to
   MPLS-TP and may endanger MPLS-TP networks.