[secdir] SECDIR review of draft-ietf-mpls-retire-ach-tlv-02

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 08 August 2013 11:15 UTC

To: secdir <secdir@ietf.org>, Adrian Farrel <adrian@olddog.co.uk>, Stewart Bryant <stbryant@cisco.com>
Cc: Spencer Dawkins <spencerdawkins.ietf@gmail.com>

I reviewed this document as part of the security directorate's ongoing 
effort to review all IETF documents being processed by the IESG.  These 
comments were written primarily for the benefit of the security area 
directors.  Document editors and WG chairs should treat these comments 
just like any other last call comments.

This document updates RFC 5586 by retiring ACH TLVs (an MPLS 
extensibility mechanism) and removing the associated IANA registry.

The Security Considerations section states that by removing an unused 
feature of MPLS, security of implementations is improved. I tend to 
agree; simplicity is a good thing.

It also states that the removed feature can be used to secure messages 
on the G-ACh in a generic way, but that no such mechanism was proposed 
so far. I think this is a fair comment.

I think the Security Considerations section is quite reasonable for this 
document. I don't have any issues with this document.