Last Call Review of draft-ietf-opsawg-oam-overview-
review-ietf-opsawg-oam-overview-secdir-lc-hoffman-2011-08-01-00

Request Review of draft-ietf-opsawg-oam-overview
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-08-09
Requested 2011-07-09
Authors Tal Mizrahi, Nurit Sprecher, Elisa Bellagamba, Yaacov Weingarten
Draft last updated 2011-08-01
Completed reviews Genart Last Call review of -08 by Elwyn Davies (diff)
Genart Telechat review of -14 by Elwyn Davies (diff)
Secdir Last Call review of -?? by Paul Hoffman
Assignment Reviewer Paul Hoffman
State Completed
Review review-ietf-opsawg-oam-overview-secdir-lc-hoffman-2011-08-01
Review completed: 2011-08-01

Review
review-ietf-opsawg-oam-overview-secdir-lc-hoffman-2011-08-01

Greetings. I am the Secdir reviewer for draft-ietf-opsawg-oam-overview. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This draft is a comprehensive list of the protocols used for operations, administration, and maintenance of many IETF and non-IETF protocols (basically: monitoring link status). The descriptions go into detail about how each OAM mechanism is used in combination with the protocol it monitors.

The security considerations section reads, in its entirety:
   There are no security implications imposed by this document.
That is probably sufficient, assuming that every OAM mechanism listed does not expose any traffic to the administrator. However, it seems likely that some of the mechanisms might also allow link maintenance, such as turning off some links and starting up others. If that is the case, then this document absolutely needs a discussion of authentication and authorization; if it is not the case, then the NOOP for security considerations is reasonable.

--Paul Hoffman