[Last-Call] Secdir last call review of draft-ietf-lsr-isis-flood-reflection-10

Rich Salz via Datatracker <noreply@ietf.org> Mon, 03 October 2022 16:23 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: last-call@ietf.org
Delivered-To: last-call@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ACF64C1524CE; Mon, 3 Oct 2022 09:23:43 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Rich Salz via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-lsr-isis-flood-reflection.all@ietf.org, last-call@ietf.org, lsr@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.17.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <166481422370.58279.1362610593377260426@ietfa.amsl.com>
Reply-To: Rich Salz <rsalz@akamai.com>
Date: Mon, 03 Oct 2022 09:23:43 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/5SOpZ6giObkS6VlkzCULZnpbh-M>
Subject: [Last-Call] Secdir last call review of draft-ietf-lsr-isis-flood-reflection-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2022 16:23:43 -0000

Reviewer: Rich Salz
Review result: Has Nits

I am a routing naïf and do not have a lot of time these days. I hope this
review is still useful, anyway.

The glossary was very helpful.  I still don't have a clear understanding of L1
and L2.

The picture is a tour de force.  The description "Figure 1 is an example..."
paragraph should be moved before the picture, not directly after it.

Sections 6 and 7 indicate, to me, that this document is comprehensive and
informed by real-world concerns.

Sec 9, Security Considerations.
This is where I did the most careful reading.
"If an attacker should be able..."  s/should be able/can/
s/could be in most extreme case/could be in THE most extreme case/
It was a bit surprising to me to see the same sentence at the end of both
paragraph 1 and paragraph 2.  Maybe remove them and move them to the start of
paragraph 3.

I think the risks are well-described, and the importance to preventing is made.
Is it possible to mitigate the damage if a risk occurs?  "No" is a reasonable
answer.