[mpls] Secdir last call review of draft-ietf-mpls-tp-aps-updates-03

Christian Huitema <huitema@huitema.net> Wed, 17 May 2017 01:02 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: mpls@ietf.org
Delivered-To: mpls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0045213147C; Tue, 16 May 2017 18:02:40 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Christian Huitema <huitema@huitema.net>
To: secdir@ietf.org
Cc: mpls@ietf.org, draft-ietf-mpls-tp-aps-updates.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.51.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149498296095.6616.14922755167741082096@ietfa.amsl.com>
Date: Tue, 16 May 2017 18:02:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/tByUH5bhUTlPL-MnXtl1SLQrZ0c>
Subject: [mpls] Secdir last call review of draft-ietf-mpls-tp-aps-updates-03
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 May 2017 01:02:41 -0000

Reviewer: Christian Huitema
Review result: Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is: Ready.

This document, draft-ietf-mpls-tp-aps-updates-03, describes a set of
fixes to the MPLS Transport Profile (MPLS-TP) Linear Protection
defined in RFC 6378. Linear Protection is meant to provide rapid and
simple protection switching. MPLS-TP allows end-points in a "protected
domain" to coordinate when the traffic shall be sent on the normal
path, or switched to the pre-established protection path. The protocol
was updated in RFC 7271. The current document updates RFC 7271. It
adds a better definition for the initialization of the protocol state,
and defines a limited set of changes in the state machine. 

The security section states that "No specific security issue is
raised in addition to those ones already documented in [RFC7271].  It
may be noted that tightening the description of initializing behavior
may help to protect networks from re-start attack." I agree with that
assessment.