Re: [secdir] secdir review of draft-ietf-mpls-ipv6-only-gap-02

"Carlos Pignataro (cpignata)" <> Wed, 29 October 2014 14:45 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 50D611A0177; Wed, 29 Oct 2014 07:45:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id F66F4R7za-ZB; Wed, 29 Oct 2014 07:45:20 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1F1CD1A017E; Wed, 29 Oct 2014 07:45:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=22725; q=dns/txt; s=iport; t=1414593920; x=1415803520; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=CODa5csrRRqQHevoqv9+UPTt1AIbnUlmNynbYez483w=; b=JaiqWlbCqSKL+po+TsZCxfCqIuc0RqjIeM1ko244XyLZpHmQ824gQIDQ xxEpkQvXLE0Ixb3beVtYd02ilh6+XiI6CxMSSJ5195fOj3qB0TXe1FiZp zi4zn68wgCn5YdtjqthZaNaA7bMtdPcerOLBEd06RX0MZcXSDIUFdpi4Y M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.04,810,1406592000"; d="scan'208,217"; a="91360594"
Received: from ([]) by with ESMTP; 29 Oct 2014 14:45:19 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id s9TEjJBD002226 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 29 Oct 2014 14:45:19 GMT
Received: from ([fe80::8c1c:7b85:56de:ffd1]) by ([]) with mapi id 14.03.0195.001; Wed, 29 Oct 2014 09:45:19 -0500
From: "Carlos Pignataro (cpignata)" <>
To: Tobias Gondrom <>
Thread-Topic: secdir review of draft-ietf-mpls-ipv6-only-gap-02
Thread-Index: AQHP8td4tLW89gRha0aSOHC69VI045xGw+8AgAC4HIA=
Date: Wed, 29 Oct 2014 14:45:18 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_173091B4E02A4B438FF1225DF4AA5083ciscocom_"
MIME-Version: 1.0
Cc: "" <>, The IESG <>, "" <>
Subject: Re: [secdir] secdir review of draft-ietf-mpls-ipv6-only-gap-02
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 Oct 2014 14:45:32 -0000


On Oct 28, 2014, at 11:46 PM, Tobias Gondrom <<>> wrote:


thanks for your reply.
One note inline.

On 29/10/14 01:49, Carlos Pignataro (cpignata) wrote:

Many thanks for your review, and apologies for a delayed response. Please see inline.

On Oct 22, 2014, at 6:15 PM, Tobias Gondrom <<>> wrote:

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The draft is informational and identifies and analyses gaps that must be addressed in order to allow MPLS-related protocols and applications to be used with IPv6-only networks.

The document appears ready for publication.

The security considerations section (section 8) only states that changing the address family used for MPLS network operation does not fundamentally alter the security considerations of the existing protocol. Which is basically correct. It could have been interesting to look at the gaps analysis from a security perspective and see which of the MPLS IPv6-only gaps has security implications that need to be addressed. I.e. which gaps are security related. However, that is not essential.


1. Abstract and Section 1:
the sentence "This document is not intended to highlight a particular vendor's implementation (or lack thereof)" sounds odd. Is there a WG discussion background or why is this document speaking of one "particular vendor's implementation”?
We just wanted to proactively clarify that this gap analysis is one on specifications and not in implementations. The important part of that sentence is what follows: “, but rather to focus on gaps in the standards defining the MPLS suite."

I fully understand and saw the following sentence.
Just to explain further why I felt the sentence is odd:
Actually the wording "a particular" might give a strange impression. It might just be me being paranoid or overly curious, but if I read a document explicitly denies something, it makes me curious as to why it does so and whether there was an according aspect behind it. Otherwise, why would a document explicitly deny something. ;-)
E.g. if the document speaks about "not intended to highlight a particular vendor's implementation" it gives the feeling as if it might have started as looking at one particular vendor.

If you like to clarify the message as you described in your answer, you might want to rephrase by removing the "a" before "particular" or phrase it in a positive way as like ".... is about specifications and not about particular vendor implementations..."

Just a thought.

I agree with you, it’s a good thought. We can turn around in a positive way, and remove the “a”, like this:

      This document is intended to  focus on gaps in
      the standards defining the MPLS suite, and not to
      highlight particular vendor implementations (or lack thereof) in the
      context of IPv6-only MPLS functionality.



Best, Tobias

- section EVPN
formating: do you want to add one line at the end of the section: "Gap: Minor….

Good catch — fixed.

I did not find anything else in my review.



Thank you and best regards.