[bess] Secdir last call review of draft-ietf-bess-mvpn-evpn-aggregation-label-10

Robert Sparks via Datatracker <noreply@ietf.org> Tue, 11 July 2023 16:05 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Sparks via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: bess@ietf.org, draft-ietf-bess-mvpn-evpn-aggregation-label.all@ietf.org, last-call@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <168909151659.32968.7232771259274341256@ietfa.amsl.com>
Reply-To: Robert Sparks <rjsparks@nostrum.com>
Date: Tue, 11 Jul 2023 09:05:16 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/cB8cLdBKWTBprM80YJgBKCVgwJQ>
Subject: [bess] Secdir last call review of draft-ietf-bess-mvpn-evpn-aggregation-label-10

Reviewer: Robert Sparks
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other review
comments.

This document is mostly ready for publication as a Proposed Standard RFC, but
has nits (one bordering on an issue) to address before publication.

This document requires quite a bit of background provided outside of the
document to make it meaningful. There is some effort to point to where
essential concepts are defined, but a few more might be appropriate. It reads
reasonably well, but I have provided some editorial comments at the end.

Nit bordering on issue:

The Security Considerations need more consideration. The essence of what's
provided so far is "Nothing new to consider here, see RFC 5331, RFC 6514, RFC
7432, and RFC 8402 for the things you should really think about before using
the procedures defined in this document".

It's not clear how what the security consideration section in 5331 applies to
these procedures - some discussion of what's important from that, and the other
referenced docs, to _this_ document would be helpful. The primary concern seems
to be entirely about the safe handling of, and consequences of
(mis)-provisioning of, labels. Is there not a concise discussion in the
literature around these labels to point to?

Structural nit:

The last paragraph and four bullets at the end of section 3.2 appears to be a
set of pre-condition requirement (something that can only be violated by
mis-configuration) rather than something to test for at runtime. Consider
stating this earlier and as a requirement on configuration of the system. Or,
if I'm incorrect, say what to do should a receiving PE encounter this
configuration.

Editorial nits:

Consider more explicit instruction where you require PEs to program things. I
think "place an entry in" or similar would be clearer.

There is something that looks like normative text in the Terminology definition
of SRGB (last sentence). Consider moving it into the body of the document,
pointing to where it's specified (if specified elsewhere), or removing it.

At "This document simply specifies" (in 2.1) - what does "simply" mean here?
Please see if you can avoid the term.

Consider rewriting the first sentence of 3.2 more directly (think about
translation into other languages). Something like "The procedures here MAY be
used when...". The "need not...unless" construction is difficult.

At the last sentence of section 2.2 (before 2.2.1), consider how this will read
in a decade. Avoid "today's networks" and simplify "more and more".

Please break the single sentence paragraph at the end of page 12 (starting
"When a PE receives an x-PMSI/IMEI") into several simpler sentences.

Consider reworking the first part of "A PE MUST NOT both carry the DCB
flag...". The route is carrying the flag, not the PE.

[bess] Secdir last call review of draft-ietf-bess… Robert Sparks via Datatracker
Re: [bess] Secdir last call review of draft-ietf-… Jeffrey (Zhaohui) Zhang