[Last-Call] Secdir last call review of draft-ietf-lsr-rfc8920bis-03
Scott Kelly via Datatracker <noreply@ietf.org> Mon, 22 May 2023 16:11 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: last-call@ietf.org
Delivered-To: last-call@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 506FBC1519B0; Mon, 22 May 2023 09:11:52 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Scott Kelly via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-lsr-rfc8920bis.all@ietf.org, last-call@ietf.org, lsr@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 10.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <168477191231.37220.13924089362384644202@ietfa.amsl.com>
Reply-To: Scott Kelly <scott@hyperthought.com>
Date: Mon, 22 May 2023 09:11:52 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/cAWHhER7p3VCzkjUicQo9MdLWnQ>
Subject: [Last-Call] Secdir last call review of draft-ietf-lsr-rfc8920bis-03
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2023 16:11:52 -0000
Reviewer: Scott Kelly Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is "almost ready" Quoting the abstract, Existing traffic-engineering-related link attribute advertisements have been defined and are used in RSVP-TE deployments. Since the original RSVP-TE use case was defined, additional applications (e.g., Segment Routing Policy and Loop-Free Alternates) that also make use of the link attribute advertisements have been defined. In cases where multiple applications wish to make use of these link attributes, the current advertisements do not support application- specific values for a given attribute, nor do they support indication of which applications are using the advertised value for a given link. This document introduces new link attribute advertisements in OSPFv2 and OSPFv3 that address both of these shortcomings. The security considerations seem complete, but I had one minor concern with this sentence: Implementations must ensure that if any of the TLVs and sub-TLVs defined in this document are malformed, they are detected and do not facilitate a vulnerability for attackers to crash the OSPF router or routing process. This is correct, but we are not just concerned with crashing. It might be better to say something like "...to crash or otherwise compromise the OSPF router or routing process."
- [Last-Call] Secdir last call review of draft-ietf… Scott Kelly via Datatracker
- Re: [Last-Call] Secdir last call review of draft-… Les Ginsberg (ginsberg)