[DMM] Secdir telechat review of draft-ietf-dmm-pmipv6-dlif-05

Vincent Roca via Datatracker <noreply@ietf.org> Thu, 27 February 2020 14:57 UTC

From: Vincent Roca via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: dmm@ietf.org, last-call@ietf.org, draft-ietf-dmm-pmipv6-dlif.all@ietf.org
Message-ID: <158281546210.2262.1845082722013562869@ietfa.amsl.com>
Reply-To: Vincent Roca <vincent.roca@inria.fr>
Date: Thu, 27 Feb 2020 06:57:42 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmm/aMG55HGyur8vcg3pSCX4nWIBMxQ>

Reviewer: Vincent Roca
Review result: Has Nits


I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: Has Nits

Thank you for the clarification of the Security Considerations section.
I just have a minor comment and a typo.

- It is said (section 6):
  "The CMD SHOULD use a pacing approach to limit
   this amplification risk."
I agree, but where do you intend to apply pacing? In the incoming queue (i.e.,
by delaying some PBU/PBA messages) or in the outgoing queue (i.e., to limit
output traffic), or both? It's a bit unclear.

- Typo: remove one "exist" in sentence: "there may exist multiple previous
(e.g., k) MAARs exist."

Regards,    Vincent