[Bier] Secdir last call review of draft-ietf-bier-oam-requirements-12

Barry Leiba via Datatracker <noreply@ietf.org> Wed, 09 August 2023 19:09 UTC

From: Barry Leiba via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: bier@ietf.org, draft-ietf-bier-oam-requirements.all@ietf.org, last-call@ietf.org
Reply-To: Barry Leiba <barryleiba@computer.org>
Date: Wed, 09 Aug 2023 12:09:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/RvC0RtCgHrGrC1ERMUVh4adefPo>

Reviewer: Barry Leiba
Review result: Has Issues

The only comment I have from a security standpoint is that the Security
Considerations seem basically absent, saying no more than "Nothing to see
here."  That's common and easy to say, but I expected some explanation of how
the requirements specified in the document are needed to ensure a robust and
secure BIER system.  I wouldn't expect pages of text, but I'm surprised to see
nothing at all.  Is it really the case that an OAM system for BIER would do
nothing to enhance security, nothing to alert us to BIER-specific attacks?