[mpls] Secdir last call review of draft-ietf-mpls-tp-aps-updates-03

Christian Huitema <huitema@huitema.net> Wed, 17 May 2017 01:02 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: mpls@ietf.org
Delivered-To: mpls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0045213147C; Tue, 16 May 2017 18:02:40 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Christian Huitema <huitema@huitema.net>
To: <secdir@ietf.org>
Cc: mpls@ietf.org, draft-ietf-mpls-tp-aps-updates.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.51.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149498296095.6616.14922755167741082096@ietfa.amsl.com>
Date: Tue, 16 May 2017 18:02:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/tByUH5bhUTlPL-MnXtl1SLQrZ0c>
Subject: [mpls] Secdir last call review of draft-ietf-mpls-tp-aps-updates-03
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 May 2017 01:02:41 -0000

Reviewer: Christian Huitema
Review result: Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat

these comments just like any other last call comments.

This document is: Ready.

This document, draft-ietf-mpls-tp-aps-updates-03, describes a set of
fixes to the MPLS Transport Profile (MPLS-TP) Linear Protection
defined in RFC 6378. Linear Protection is meant to provide rapid and
simple protection switching. MPLS-TP allows end-points in a "protected
domain" to coordinate when the traffic shall be sent on the normal
path, or switched to the pre-established protection path. The protocol
was updated in RFC 7271. The current document updates RFC 7271. It
adds a better definition for the initialization of the protocol state,
and defines a limited set of changes in the state machine. 

The security sections states that "No specific security issue is
raised in addition to those ones already documented in [RFC7271].  It
may be noted that tightening the description of initializing behavior
may help to protect networks from re-start attack." I agree with that