[secdir] Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05

Linda Dunbar <Linda.dunbar@huawei.com> Tue, 11 December 2018 20:24 UTC

Return-Path: <Linda.dunbar@huawei.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 61F74130F63; Tue, 11 Dec 2018 12:24:23 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Linda Dunbar <Linda.dunbar@huawei.com>
To: secdir@ietf.org
Cc: mpls@ietf.org, draft-ietf-mpls-lsp-ping-lag-multipath.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154455986336.13151.8483284555885294015@ietfa.amsl.com>
Date: Tue, 11 Dec 2018 12:24:23 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/B1aFHrVqLOyemt_NYICL3CNxgvY>
Subject: [secdir] Secdir last call review of draft-ietf-mpls-lsp-ping-lag-multipath-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 20:24:24 -0000

Reviewer: Linda Dunbar
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with comment

The described mechanism for LSP Multipath Ping is very clear. The Security
Consideration re-uses the description of RFC8029, which is very comprehensive.
It would be better if the draft describes how to prevent intermediate LSRs in
between the Initiating LSR and Responding LSR from mis-using the detailed link
information (e.g. forwarding to somewhere else).

Best Regards,
Linda Dunbar