Re: [mpls] Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05

Mach Chen <mach.chen@huawei.com> Fri, 14 December 2018 02:11 UTC

From: Mach Chen <mach.chen@huawei.com>
To: Linda Dunbar <linda.dunbar@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org" <draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05
Date: Fri, 14 Dec 2018 02:11:21 +0000
Message-ID: <F73A3CB31E8BE34FA1BBE3C8F0CB2AE2927B2883@dggeml510-mbx.china.huawei.com>
References: <154455986336.13151.8483284555885294015@ietfa.amsl.com>
In-Reply-To: <154455986336.13151.8483284555885294015@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/GGfieKTN7Mk3mocFRXMYbNoPuzs>
Subject: Re: [mpls] Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05

Hi Linda,

Thanks for the review!

Some responses inline...

> -----Original Message-----
> From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Linda Dunbar
> Sent: Wednesday, December 12, 2018 4:24 AM
> To: secdir@ietf.org
> Cc: mpls@ietf.org; draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org;
> ietf@ietf.org
> Subject: Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05
> 
> Reviewer: Linda Dunbar
> Review result: Ready
> 
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
> 
> The summary of the review is Ready with comment
> 
> The described mechanism for LSP Multipath Ping is very clear. The Security
> Consideration re-uses the description of RFC8029, which is very
> comprehensive.
> It would be better if the draft described how to prevent intermediate LSRs in
> between the Initiating LSR and Responding LSR from mis-using the detailed
> link information (e.g. forwarding to somewhere else).

The Echo Request and Reply messages are directly exchanged between the Initiating LSR and the Responding LSR; the intermediate LSRs just forward the messages as normal packets, and they will not see the detailed link information unless they inspect and do DPI on every packet they forward.

The detailed link information is supplied to the Initiating LSR for its use; the intermediate LSRs will not try to use it even if they receive the information, because there is no corresponding Echo Request for the received Echo Reply.


Best regards,
Mach

> 
> Best Regards,
> Linda Dunbar
>
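The correlation argument in Mach's reply (an Echo Reply only means something to the node that holds the matching Echo Request), as an added example that is not part of this thread or of the draft: an initiating LSR tracks outstanding requests by Sender's Handle and Sequence Number from the RFC 8029 echo header, the responder copies both back, and a node that never sent the request (an intermediate LSR) finds no entry and discards the reply. The link-information TLV bytes and the class names are constructed for illustration and are not the draft's encoding.

```python
import struct

# RFC 8029 MPLS echo header (32 bytes): version, global flags, message type,
# reply mode, return code, return subcode, sender's handle, sequence number,
# timestamp sent, timestamp received. TLVs follow the header.
HDR = struct.Struct("!HHBBBBIIQQ")
ECHO_REQUEST, ECHO_REPLY = 1, 2


def build_echo(msg_type, handle, seq, tlvs=b""):
    """Serialize an echo header (version 1, timestamps zeroed) plus raw TLV bytes."""
    return HDR.pack(1, 0, msg_type, 1, 0, 0, handle, seq, 0, 0) + tlvs


def respond(request, link_info_tlvs):
    """Responding LSR: copy the request's handle and sequence number into the reply."""
    ver, _f, mtype, _m, _rc, _rsc, handle, seq, _ts, _tr = HDR.unpack_from(request)
    if ver != 1 or mtype != ECHO_REQUEST:
        return None
    return build_echo(ECHO_REPLY, handle, seq, link_info_tlvs)


class Initiator:
    """Initiating LSR: only replies matching an outstanding request are accepted."""

    def __init__(self):
        self.outstanding = {}  # (handle, seq) -> TLV bytes sent in the request

    def send_request(self, handle, seq, tlvs=b""):
        self.outstanding[(handle, seq)] = tlvs
        return build_echo(ECHO_REQUEST, handle, seq, tlvs)

    def receive(self, packet):
        """Return the reply's TLV bytes if it matches an outstanding request, else None."""
        if len(packet) < HDR.size:
            return None
        ver, _f, mtype, _m, _rc, _rsc, handle, seq, _ts, _tr = HDR.unpack_from(packet)
        if ver != 1 or mtype != ECHO_REPLY or (handle, seq) not in self.outstanding:
            return None  # unsolicited or replayed reply: no corresponding Echo Request
        del self.outstanding[(handle, seq)]
        return packet[HDR.size:]


def demo():
    """Constructed exchange: initiator, responder, and an intermediate LSR that only forwards."""
    link_info = b"\x00\x01\x00\x04LAG1"  # constructed TLV bytes, not the draft's encoding
    initiator = Initiator()
    req = initiator.send_request(handle=0x1234, seq=7)
    reply = respond(req, link_info)
    intermediate = Initiator()  # never sent the request, so holds no entry
    return initiator.receive(reply), intermediate.receive(reply), initiator.receive(reply)
```

The third value shows that even the initiator discards the same reply delivered a second time, since the entry was consumed by the first match.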