[Gen-art] Gen-ART Telechat review of draft-ietf-opsec-lla-only-10

"Peter Yee" <peter@akayla.com> Thu, 21 August 2014 20:16 UTC

From: Peter Yee <peter@akayla.com>
To: draft-ietf-opsec-lla-only.all@tools.ietf.org
Date: Thu, 21 Aug 2014 13:16:03 -0700
Message-ID: <028101cfbd7c$be5a3150$3b0e93f0$@akayla.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/OKy2CI1bJUmyxTdMKCLOVDKMFHU
Cc: gen-art@ietf.org, ietf@ietf.org

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>

Please wait for direction from your document shepherd or AD before posting a
new version of the draft.

Document: draft-ietf-opsec-lla-only-10
Reviewer: Peter Yee
Review Date: August-21-2014
IETF LC End Date: April-7-2014
IESG Telechat date: August-21-2014

Summary: This draft is basically ready for publication as an Informational
RFC, but has issues that should be fixed before publication. [Ready with
issues.]

This document discusses the (controversial) use of IPv6 link-local addresses
on router infrastructure links.  I don't find all of the (remaining)
arguments for use of link-local addresses to be terribly compelling, but I'm
not averse to the document's publication as a summary of some of the pros
and cons for those who desire to configure their routers in the manner
prescribed.  There may be other reasons that should be taken into
consideration, but I lack a network operator's experience to discuss them.

Minor:

Page 4, 5th paragraph, 2nd sentence: SSH brute force password attacks aren't
really reduced unless the reduction is simply not being able to attack a
single router over multiple interfaces in parallel.  A better scheme for
reducing SSH brute force password attacks might be to limit the rate of
responses to SSH login attempts in the face of repeated failures.  I'd still
consider dropping this marginal example.  The TCP SYN flood suffices to make
the point.

Page 6, 1st partial paragraph: the argument is made that "more work" is
required to discover all of an IXP's loopback interface addresses before a
generic attack can be mounted.  This wouldn't seem to be a lot of upfront
work and once it has been done, the advantage is negated.  I don't find the
argument particularly persuasive.

Nits:

Page 4, 5th paragraph, 2nd sentence: delete the comma after "[RFC4987])" and
change the "or" to "and".

Page 6, 1st full paragraph, 1st sentence: replace "a" with "an" before "MPLS
LSP".

		-Peter Yee
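The review above suggests that rate-limiting responses to repeated SSH login failures is a better defence against brute-force password guessing than restricting which addresses a router's interfaces carry. The following added example (not part of the review, the draft, or any sshd implementation) sketches that mitigation in Python: it walks a constructed set of sshd-style log lines, counts consecutive failures per source address, resets the counter on a successful login, and computes an exponential back-off delay to apply before answering each further attempt. The log lines, the thresholds (`FREE_ATTEMPTS`, `BASE_DELAY`, `MAX_DELAY`) and the addresses are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines for illustration (not real router logs).
SAMPLE_LOG = """\
Aug 21 13:16:01 rtr1 sshd[1001]: Failed password for admin from 2001:db8::10 port 40001 ssh2
Aug 21 13:16:02 rtr1 sshd[1002]: Failed password for admin from 2001:db8::10 port 40002 ssh2
Aug 21 13:16:03 rtr1 sshd[1003]: Failed password for admin from 2001:db8::10 port 40003 ssh2
Aug 21 13:16:04 rtr1 sshd[1004]: Failed password for admin from 2001:db8::10 port 40004 ssh2
Aug 21 13:16:05 rtr1 sshd[1005]: Accepted publickey for ops from 2001:db8::20 port 40005 ssh2
Aug 21 13:16:06 rtr1 sshd[1006]: Failed password for root from 2001:db8::10 port 40006 ssh2
"""

# Match the two OpenSSH auth outcomes we care about; group 2 is the peer address.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+) port")

# Assumed policy: the first few failures are answered at once, after that the
# response is delayed, doubling per failure, up to a ceiling.
FREE_ATTEMPTS = 3
BASE_DELAY = 1.0   # seconds
MAX_DELAY = 60.0   # seconds


def backoff_delay(consecutive_failures):
    """Seconds to hold the reply given how many failures preceded this attempt."""
    if consecutive_failures < FREE_ATTEMPTS:
        return 0.0
    return min(BASE_DELAY * 2 ** (consecutive_failures - FREE_ATTEMPTS), MAX_DELAY)


def plan_throttling(log_text):
    """Replay the log in order and return, per source address, the delay that
    would have been applied to each failed attempt.  A successful login from a
    source clears its failure count."""
    consecutive = defaultdict(int)   # source address -> consecutive failures so far
    schedule = defaultdict(list)     # source address -> delays applied, in order
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            src = m.group(2)
            schedule[src].append(backoff_delay(consecutive[src]))
            consecutive[src] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            consecutive[m.group(2)] = 0
    return dict(schedule)


def failures_by_account(log_text):
    """Count failures per target account regardless of source, so guessing
    spread across several source addresses or interfaces is still visible."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


if __name__ == "__main__":
    for src, delays in plan_throttling(SAMPLE_LOG).items():
        print(src, delays)          # 2001:db8::10 [0.0, 0.0, 0.0, 1.0, 2.0]
    print(failures_by_account(SAMPLE_LOG))  # {'admin': 4, 'root': 1}
```

Keying the throttle on the source address alone does not address the reviewer's other remark, that a single router may be attacked over several interfaces in parallel; `failures_by_account` shows the complementary view, counting per target account across all sources, which a real deployment would combine with the per-source back-off.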