IETF Logo Mail Archive

[secdir] Secdir last call review of draft-ietf-mboned-multicast-telemetry-09

Adam Montville via Datatracker <noreply@ietf.org> Mon, 20 May 2024 12:34 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E2FD0C14F71F; Mon, 20 May 2024 05:34:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Montville via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <171620844691.16456.1565706188305470103@ietfa.amsl.com>
Date: Mon, 20 May 2024 05:34:06 -0700
Message-ID-Hash: IXVJUTHVHVVRYRTXX3HFV4OL7ERSMP3J
X-Message-ID-Hash: IXVJUTHVHVVRYRTXX3HFV4OL7ERSMP3J
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-mboned-multicast-telemetry.all@ietf.org, last-call@ietf.org, mboned@ietf.org
X-Mailman-Version: 3.3.9rc4
Reply-To: Adam Montville <adam@onepenny.group>
Subject: [secdir] Secdir last call review of draft-ietf-mboned-multicast-telemetry-09
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/D2TIcQfV6qYRxfDR4dzG13Btlqc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>

Reviewer: Adam Montville
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

I believe this document is ready.

The security considerations section refers to RFC9197 and RFC9326 for complete
treatment of packet amplification, integrity, and covert channel risks. The
last half of the security considerations paragraph does allude to a multicast
tree configuration preference that would be better as a non-option (strictly
from a security perspective - why allow a non-/less-secure state at all if you
can avoid it?). But, I don't know enough about the challenges of achieving
and/or enforcing that configuration option.

v2.39.1 | Report a Bug | By Email | System Status