Sorry...resending because I mistyped the author address. ---------- Forwarded message ---------- From: Radia Perlman Date: Sun, May 6, 2018 at 11:48 PM Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05 To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG < iesg@ietf.org>, secdir@ietf.org Summary: No security issues found, but I do have questions, and there are editing glitches I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the management interface for microwave radio links. It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features. I don't understand the difference between a "a traditional network management system" and SDN. Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN"). This document could use an editing pass for glitches, but these glitches do not impact its readability. The glitches consist mostly of leaving out little words like "of" in the following sentence. "The adoption of an SDN framework for management and control the microwave interface is one of the key applications for this work." The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication. Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator. But this document does not specify the specific parameters to be managed, just a general framework. Radia