Last Call Review of draft-ietf-pce-p2mp-app-
review-ietf-pce-p2mp-app-secdir-lc-weis-2009-06-16-00

Request Review of draft-ietf-pce-p2mp-app
Requested rev. no specific revision (document currently at 02)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-06-16
Requested 2009-04-16
Draft last updated 2009-06-16
Completed reviews Secdir Last Call review of -?? by Brian Weis
Assignment Reviewer Brian Weis
State Completed
Review review-ietf-pce-p2mp-app-secdir-lc-weis-2009-06-16
Review completed: 2009-06-16

Review
review-ietf-pce-p2mp-app-secdir-lc-weis-2009-06-16

I have reviewed this document as part of the security directorate's  


ongoing effort to review all IETF documents being processed by the  


IESG. These comments were written primarily for the benefit of the  


security area directors. Document editors and WG chairs should treat  


these comments just like any other last call comments.






This Informational document describes how the Path Computation Element  


(PCE)-based architecture defined in RFC 4655 can support point-to- 


multipoint label switched paths. A PCE is a device that computes the  


path of Traffic Engineered Label Switched Paths (TE LSPs) within  


Multiprotocol Label Switching  (MPLS) and Generalized MPLS (GMPLS)  


networks. A PCE-based architecture is generally used to offload path  


computation processing from Label Switching Routers (LSRs).






This document does not substantially change the architecture described  


in RFC 4655. The Security Considerations section states that this  


document does not raise any additional security issues beyond those  


that generally apply to the PCE architecture, and I believe that is  


generally true. However, I do have one minor suggestion for the authors:






The "Note" in the Security Considerations section points out that P2MP  


computation is CPU-intensive, and posits that an attacker injecting  


spurious P2MP path computation requests may be more successful than if  


the attacker injected P2P computation requests. Since you brought up  


the attack, it would be worth noting that the use of a message  


integrity mechanism by a PCE protocol should be used to mitigate  


attacks from devices that are not authorized to send requests to the  


PCE device. I hesitate to be more specific because the document does  


not describe a particular PCE protocol.




Brian

--
Brian Weis
Router/Switch Security Group, ARTG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew at cisco.com