[Pals] Secdir last call review of draft-ietf-pals-status-reduction-04
Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 30 March 2017 14:53 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: pals@ietf.org
Delivered-To: pals@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 700F3129517; Thu, 30 Mar 2017 07:53:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: secdir@ietf.org
Cc: draft-ietf-pals-status-reduction.all@ietf.org, ietf@ietf.org, pals@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.49.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149088558240.15511.14051374750329617951@ietfa.amsl.com>
Date: Thu, 30 Mar 2017 07:53:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/pals/hzd2bwYPvTX3r6twF8zTkJBRQVQ>
Subject: [Pals] Secdir last call review of draft-ietf-pals-status-reduction-04
X-BeenThere: pals@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Pseudowire And LDP-enabled Services dicussion list." <pals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pals>, <mailto:pals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pals/>
List-Post: <mailto:pals@ietf.org>
List-Help: <mailto:pals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pals>, <mailto:pals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 14:53:03 -0000
Reviewer: Yaron Sheffer Review result: Ready This document proposes a way to aggregate status messages of multiple pseudowires carried on the same MPLS-network LSP. The Security Considerations simply refer to an earlier RFC, and this makes sense in this case. However from a broader perspective, I think the community should consider another look at its security assumptions. After what we've seen in recent years, maybe it's not a good idea to refer back to a 2006 document that contains this sentence: "To prevent unwanted packet insertion, it is also important to prevent unauthorized physical access to the PSN," We have all learned the hard way that this advice is not practical - bad actors WILL get physical access to your network.
- [Pals] Secdir last call review of draft-ietf-pals… Yaron Sheffer