I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document follows up on earlier RFCs and describe how to do
multicast in BGP/MPLS IP VPN/tunnels, which were underspecified earlier.

I believe the document is ready.

Multicast in tunnels can have security considerations, but this RFC
does not introduce the concept.  It refers to earlier RFCs that
introduce the concept and contain the security considerations.  I don't
feel that this RFC introduce particular important new concepts to
warrant a more extensive security considerations.

I have a general security caveat with all things in the MPLS/routing
world: the specifications are large (hence slight delay of
this review as it interfered with skiing) and are dense to read due to
the large amount of acronyms used. This is a real challenge for anyone
who wants to analyze security properties of the protocols or
deployments.

/Simon


Attachment:


pgpcsjo_OEtsB.pgp




Description:

 OpenPGP digital signatur