[mpls] Secdir last call review of draft-ietf-mpls-mna-usecases-12

Yaron Sheffer via Datatracker <noreply@ietf.org> Fri, 13 September 2024 13:39 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: mpls@ietf.org
Delivered-To: mpls@ietfa.amsl.com
Received: from [10.244.2.118] (unknown [104.131.183.230]) by ietfa.amsl.com (Postfix) with ESMTP id C913EC151533; Fri, 13 Sep 2024 06:39:27 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Yaron Sheffer via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.23.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <172623476741.3388439.10172931974011368249@dt-datatracker-68b7b78cf9-q8rsp>
Date: Fri, 13 Sep 2024 06:39:27 -0700
Message-ID-Hash: WDKJ3LAKHRN6XO273Z34TRPQELBENBLJ
X-Message-ID-Hash: WDKJ3LAKHRN6XO273Z34TRPQELBENBLJ
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-mpls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-mpls-mna-usecases.all@ietf.org, last-call@ietf.org, mpls@ietf.org
X-Mailman-Version: 3.3.9rc4
Reply-To: Yaron Sheffer <yaronf.ietf@gmail.com>
Subject: [mpls] Secdir last call review of draft-ietf-mpls-mna-usecases-12
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/0PMLrfByuYC4iYNmNasluSWPTQo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Owner: <mailto:mpls-owner@ietf.org>
List-Post: <mailto:mpls@ietf.org>
List-Subscribe: <mailto:mpls-join@ietf.org>
List-Unsubscribe: <mailto:mpls-leave@ietf.org>

Reviewer: Yaron Sheffer
Review result: Has Issues

This document reviews multiple use cases for a new extension to MPLS, Network
Action Indicators.

The entirety of the Security Considerations section reads:

This document introduces no new security considerations.

I am not convinced, and I think an explanation is needed on why MNA are more or
less susceptible to attacks than the way these use cases are signaled today.
That *could* lead to discussion of new security controls.

Specifically I would recommend to address the more difficult migration and
coexistence scenarios listed in Sections 3 and 4.

In fact, even a reference to
https://www.ietf.org/archive/id/draft-ietf-mpls-mna-fwk-10.html#name-security-considerations
may do the job, assuming the authors believe the Security Considerations over
in that document cover the use cases listed here.