> -----Original Message-----
> From: David Farmer [mailto:[email protected]]
> Sent: Friday, April 10, 2015 7:26 PM
> To: Ronald Bonica; Lucy yong; [email protected]; [email protected]
> Cc: David Farmer
> Subject: Re: [Int-area] FW: New Version Notification for draft-ietf-intarea-gre-ipv6-05.txt
>
> Sure, that works, but a few nits;
>
> - The first "GRE" in the second sentence seems redundant, I'd suggest just
> removing it.
[RPB]
Yikes! That was certainly redundant! I will remove it.
>
> - Except for applying to IPv6, the fourth sentence says almost the same thing
> as the third sentence. I'd suggest adding ", including IPv6" to the second
> sentence, and remove the fourth sentence altogether.
[RPB]
I don't agree. In the third sentence, the GRE ingress and GRE egress nodes
execute IPSec procedures. They encrypt and/or authenticate the GRE delivery
header. (That's all you can do when the payload is MPLS). In the fourth
sentence, the payload originator and payload destination execute IPSec
procedures. They encrypt and/or authenticate the payload packet. This is an
option when the payload is IPv6.
In the first case, the
>
> - The double use of the word "beyond" in the last sentence seems
> redundant as well. Maybe substitute, "Otherwise," for "Beyond that," at the
> beginning of the sentence.
[RPB]
Agree.
Ron
>
> Putting those together you get;
>
> The security section of [RFC 4023] identifies threats encountered when MPLS
> is delivered over GRE. These threats apply equally to any payload that is
> delivered over GRE, including IPv6. As stated in RFC 4023, these threats can
> be mitigated by authenticating and/or encrypting the delivery packet using
> IPSec [RFC 4301] procedures. Otherwise, the current specification introduces
> no security considerations beyond those mentioned in RFC 2784.
>
> More generically, security considerations for IPv6 are discussed in [RFC4942],
> operational security for IPv6 is discussed in [I-D.ietf-opsec-v6], and
> security concerns for tunnels in general are discussed in [RFC6169].
>
> On 4/10/15 17:24 , Ronald Bonica wrote:
> > David, Lucy,
> >
> > Having thought about it a little more, would you mind if I crafted the text
> > as follows:
> >
> > The security section of [RFC 4023] identifies threats encountered when
> > MPLS is delivered over GRE. These threats apply equally to any GRE payload
> > that is delivered over GRE. As stated in RFC 4023, these threats can be
> > mitigated by authenticating and/or encrypting the delivery packet using
> > IPSec [RFC 4301] procedures. When the payload is IPv6, they can also be
> > mitigated by authenticating and/or encrypting the payload using IPSec.
> > Beyond that, the current specification introduces no security considerations
> > beyond those mentioned in RFC 2784.
> >
> > More generically, security considerations for IPv6 are discussed in
> > [RFC4942], operational security for IPv6 is discussed in [I-D.ietf-opsec-v6],
> > and security concerns for tunnels in general are discussed in [RFC6169].
> >
> >
> >
> > Ron
>
>
> --
> ================================================
> David Farmer Email: [email protected]
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE Phone: 1-612-626-0815
> Minneapolis, MN 55414-3029 Cell: 1-612-812-9952
> ================================================
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area