[Bier] Secdir last call review of draft-ietf-bier-php-12

Shawn Emery via Datatracker <noreply@ietf.org> Thu, 03 October 2024 07:30 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: bier@ietf.org
Delivered-To: bier@ietfa.amsl.com
Received: from [10.244.8.155] (unknown [104.131.183.230]) by ietfa.amsl.com (Postfix) with ESMTP id 81963C16942C; Thu, 3 Oct 2024 00:30:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Shawn Emery via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.25.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <172794061414.1110405.2942702584249285522@dt-datatracker-7bbd96684-zjf54>
Date: Thu, 03 Oct 2024 00:30:14 -0700
Message-ID-Hash: F2RPVGYS2IKQAVS7CYCRUCZOCA6DYR3V
X-Message-ID-Hash: F2RPVGYS2IKQAVS7CYCRUCZOCA6DYR3V
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bier.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: bier@ietf.org, draft-ietf-bier-php.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc5
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Subject: [Bier] Secdir last call review of draft-ietf-bier-php-12
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/Fs9fnC3QL2_slV4UHv8iU6wWynI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Owner: <mailto:bier-owner@ietf.org>
List-Post: <mailto:bier@ietf.org>
List-Subscribe: <mailto:bier-join@ietf.org>
List-Unsubscribe: <mailto:bier-leave@ietf.org>

Reviewer: Shawn Emery
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This standards track draft specifies a protocol for removing the Bit Index
Explicit Replication (BIER) header by the 2nd to last router before forwarding
to a BIER incapable router.  The goal of the protocol is to prevent the last
router in the path from unnecessarily processing the BIER header.

The security considerations sections does exist and discloses that the protocol
does not introduce any additional security implications beyond that of "BIER
architecture and OSPF/IS-IS/BGP extensions for BIER signaling".  It would be
helpful to outline the relevant RFCs that each of these building blocks of this
draft is dependent upon on in this section.  I focused this review on RFC8279
and believe that the aforementioned assertion is correct.

General comments:

A well written document, covering intricate conditionals.

Editorial comments:

None.