Re: [secdir] Secdir review of draft-ietf-pim-drlb-13

Benjamin Kaduk <kaduk@mit.edu> Tue, 03 December 2019 21:49 UTC

Date: Tue, 03 Dec 2019 13:49:44 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: secdir@ietf.org
Message-ID: <20191203214944.GP32847@mit.edu>
References: <2572EB02-5F21-451B-95EA-B7D8D2207AC8@redhoundsoftware.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/DP5UKpCG3w9Ydvdty6Nq5IEtpxM>

Hi Carl,

Thanks for the review!  I'm also unclear on why migration is out of scope,
and filed a Discuss ballot to seek clarity.  (I also asked for clarity
improvements on a couple other points that are not particularly
security-related.)

-Ben

On Sat, Nov 09, 2019 at 05:49:33AM -0500, Carl Wallace wrote:
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
> 
> This document defines an extension to the PIM-SM protocol to allow some responsibilities of its Designated Router to be distributed amongst a set of routers instead of the router elected as DR.
> 
> The document is well written and has clear examples. The security considerations references those of the DR as applicable to the new mechanism. This seems fine.  One minor comment, the last sentence in the operational considerations section seemed odd to me. It wasn't clear to me why migration between different hash algorithms is not considered in this document (or why this is much different from changes in DR priority, which is also required to be considered as a GDR candidate). 
> 
> The document is ready to my eye.   