Re: [secdir] secdir review of draft-ietf-mpls-ipv6-only-gap-02

Tobias Gondrom <tobias.gondrom@gondrom.org> Wed, 29 October 2014 03:46 UTC

To: cpignata@cisco.com
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/4kG4aKy9v-31y-7uIZXESJWU5wo
Cc: draft-ietf-mpls-ipv6-only-gap.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org

Carlos,

thanks for your reply.
One note inline.

On 29/10/14 01:49, Carlos Pignataro (cpignata) wrote:
> Tobias,
>
> Many thanks for your review, and apologies for a delayed response. Please see inline.
>
>> On Oct 22, 2014, at 6:15 PM, Tobias Gondrom <tobias.gondrom@gondrom.org> wrote:
>>
>>
>> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
>>
>>
>> The draft is informational and identifies and analyses gaps that must be addressed in order to allow MPLS-related protocols and applications to be used with IPv6-only networks.
>>
>> The document appears ready for publication.
> Thanks!
>
>> The security considerations section (section 8) only states that changing the address family used for MPLS network operation does not fundamentally alter the security considerations of the existing protocol. Which is basically correct. It could have been interesting to look at the gaps analysis from a security perspective and see which of the MPLS IPv6-only gaps has security implications that need to be addressed. I.e. which gaps are security related. However, that is not essential.
>>
> Ack.
>
>> Comment:
>> 1. Abstract and Section 1:
>> the sentence "This document is not intended to highlight a particular vendor's implementation (or lack thereof)" sounds odd. Is there a WG discussion background or why is this document speaking of one "particular vendor's implementation"?
> We just wanted to proactively clarify that this gap analysis is one on specifications and not in implementations. The important part of that sentence is what follows: “, but rather to focus on gaps in the standards defining the MPLS suite."

I fully understand and saw the following sentence.
Just to explain further why I felt the sentence is odd:
Actually the wording "a particular" might give a strange impression. It
might just be me being paranoid or overly curious, but if I read that a
document explicitly denies something, it makes me curious as to why it
does so and whether there was an according aspect behind it. Otherwise,
why would a document explicitly deny something? ;-)
E.g. if the document speaks about "not intended to highlight a 
particular vendor's implementation" it gives the feeling as if it might 
have started as looking at one particular vendor.

If you would like to clarify the message as you described in your answer,
you might want to rephrase by removing the "a" before "particular" or phrase
it in a positive way, like ".... is about specifications and not about
particular vendor implementations..."

Just a thought.

Best, Tobias


>
>> Nits:
>> - section 3.3.1.1. EVPN
>> formatting: do you want to add one line at the end of the section: "Gap: Minor…."
>>
> Good catch — fixed.
Thanks.
>
>
>> I did not find anything else in my review.
>>
>>
>
> Thanks!
>
> Carlos.
>
>> Thank you and best regards.
>>
>> Tobias
>>