[secdir] Secdir last call review of draft-ietf-ospf-ospfv3-segment-routing-extensions-16
Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 04 November 2018 15:38 UTC
Reviewer: Yaron Sheffer
Review result: Has Nits

Summary: document has non-security related nits.

Details

* The definition of "segment" is different here from the one used in the architecture RFC. The RFC is more abstract, quoting:

    A node steers a packet through an ordered list of instructions, called "segments".

  Whereas here a segment is simply a sub-path. This is confusing to a non-expert, and perhaps indicates a change in the group's thinking.

* SID/Label Sub-TLV: is it mandatory? If so, please point it out.

* "The SR-Algorithm TLV is optional" - I find this sentence confusing. Maybe replace it with "The SR-Algorithm TLV is mandatory for routers that implement segment routing"?

* The reference under the "IGP Algorithm Type" registry should be to the IANA registry itself, not to the I-D that defines it (in particular since the IANA registry has already been established: https://www.iana.org/assignments/igp-parameters/igp-parameters.xhtml#igp-algorithm-types).

* OSPFv3 Extended Prefix Range TLV Flags octet: add the usual incantation about reserved bits.

* In general I agree with the reasoning in the Security Considerations. I would like to raise the question of whether, in addition to mis-routing, this adds a threat of massive denial-of-service on MPLS endpoints, e.g. by allowing an attacker who has OSPF access to introduce routing loops. (This may be completely bogus; I am far from an expert with either of these protocols.)