[mpls] Secdir last call review of draft-ietf-mpls-spring-lsp-ping-11
Stephen Farrell <firstname.lastname@example.org> Fri, 06 October 2017 14:35 UTC
From: Stephen Farrell <email@example.com>
Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Date: Fri, 06 Oct 2017 07:35:07 -0700
Subject: [mpls] Secdir last call review of draft-ietf-mpls-spring-lsp-ping-11

Reviewer: Stephen Farrell
Review result: Ready

Hiya,

The document describes yet another variant of ping and traceroute for MPLS, which is fine. The security considerations text is probably right in saying there's no big delta here vs. RFC 8029.

I do have one query: The "protocol" field in the requests here seems like it's maybe a new thing, that wasn't in 8029 (or at least wasn't clearly there from my fairly uninformed read:-). That's defined as:

   Set to 1, if the Responder MUST perform FEC validation using OSPF as IGP protocol.
   Set to 2, if the Responder MUST perform Egress FEC validation using ISIS as IGP protocol.

I don't know what's required for those validation steps, nor if there's any chance that doing such validation could form a new DoS vector, or if it could (interestingly) affect the interpretation of the information in the responses (say if validation can affect response timing in some weird way), so this is just to check if there's anything more to be said about that.

I assume the authors' answer will be that implementers of this will know what validation means here, that it's no big deal as a DoS vector and that the timing effects are not a problem. If so, that's probably fine, but it might be good to verify that.

Cheers,
S.