[secdir] secdir review of draft-ietf-mpls-special-purpose-labels-05 (resend)
Tom Yu <tlyu@MIT.EDU> Mon, 10 March 2014 21:34 UTC
Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51E8F1A04E9; Mon, 10 Mar 2014 14:34:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.148
X-Spam-Level:
X-Spam-Status: No, score=-3.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F-78hI4tPBTd; Mon, 10 Mar 2014 14:34:40 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) by ietfa.amsl.com (Postfix) with ESMTP id B96D91A0146; Mon, 10 Mar 2014 14:34:39 -0700 (PDT)
X-AuditID: 1209190c-f794a6d000000c27-55-531e2fe909c5
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 08.AA.03111.9EF2E135; Mon, 10 Mar 2014 17:34:33 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id s2ALYWsk008989; Mon, 10 Mar 2014 17:34:33 -0400
Received: from cathode-dark-space.mit.edu (cathode-dark-space.mit.edu [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s2ALYVoJ004566 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 10 Mar 2014 17:34:32 -0400
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id s2ALYVN0025196; Mon, 10 Mar 2014 17:34:31 -0400 (EDT)
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-mpls-special-purpose-labels.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 10 Mar 2014 17:34:31 -0400
Message-ID: <ldviorlkaag.fsf@cathode-dark-space.mit.edu>
Lines: 34
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDIsWRmVeSWpSXmKPExsUixCmqrftSXy7Y4PhvLYsTX2eyWcz4M5HZ 4sPChywOzB5Llvxk8vhy+TNbAFMUl01Kak5mWWqRvl0CV8b751fYCrp5Kg5O/srSwHiPs4uR g0NCwETi5jL5LkZOIFNM4sK99WxdjFwcQgKzmSS6fl5gBkkICWxklHhwXhEicY5J4uTafnYI p4tRYtf9f2wgVSICaRJzDl9jB7GFBXwkHi46xw6ygU1AWuLo4jKQMIuAqsSjLc9ZQWxeAQuJ BT13wVp5BDglevu6mSHighInZz5hAbGZBbQkbvx7yTSBkW8WktQsJKkFjEyrGGVTcqt0cxMz c4pTk3WLkxPz8lKLdA31cjNL9FJTSjcxggNNkmcH45uDSocYBTgYlXh4D7yVCRZiTSwrrsw9 xCjJwaQkypunIxcsxJeUn1KZkVicEV9UmpNafIhRgoNZSYR3nThQjjclsbIqtSgfJiXNwaIk ztt3ViJYSCA9sSQ1OzW1ILUIJivDwaEkwasPjCghwaLU9NSKtMycEoQ0EwcnyHAeoOHmIDW8 xQWJucWZ6RD5U4yKUuK8CnpACQGQREZpHlwvLBG8YhQHekWYVwCknQeYROC6XwENZgIa3Hxc CmRwSSJCSqqBUZpFZXZRc+jkuPUlGfYvFyTdbD0beeC8hmzlQstlFrMtw571GjtOb8yXfTYj s8359L73NnlcExVvHmk1O61+oKxXOvbTm2Zd6VdzfDN+bsyQZnAr0fcXW/9mg/GcqhXSuTYb KmXPqrrcfbrtWuzEdH0eZWHvAJXwOUlm8rdmTEq+tKdI6/sdJZbijERDLeai4kQA0BSblt8C AAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/5DgLi6qXahDiwP9IYJ5bw43YakM
Subject: [secdir] secdir review of draft-ietf-mpls-special-purpose-labels-05 (resend)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Mar 2014 21:34:41 -0000
[Sorry for the resend; I got the tools address for the draft wrong at first.] I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: ready with nits I believe the Security Considerations section of this document is reasonable. Query: I'm not very familiar with MPLS; is the handling of the Entropy Label Indicator the only situation where a Label Switching Router would need to inspect (as opposed to hash for load balancing) labels below the top of the label stack? I was confused by the explanation of why Label 7 (ELI) has meaning as both an ordinary Special Label and an Extended Special Purpose Label until I read RFC 6790. Perhaps explain that looking for the ELI is typically the only reason why a LSR would inspect the middle of the label stack? Re answer 6 of Section 3: If an ingress LSR pushes ESPLs onto the label stack, any downstream LSRs that do not understand ESPLs could erroneously use the ESPLs as load balancing inputs. Would it be a good idea to recommend that ingress LSRs avoid pushing ESPLs onto the label stack if their policy cannot tolerate variations in downstream load balancing caused by inappropriate use of the ESPLs as load balancing inputs by downstream LSRs that don't understand ESPLs?