[secdir] secdir review of draft-ietf-mpls-special-purpose-labels-05

Tom Yu <tlyu@MIT.EDU> Mon, 10 March 2014 21:31 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-ietf-mpls-special-purpose-labels-05.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 10 Mar 2014 17:30:46 -0400
Message-ID: <ldvob1dkagp.fsf@cathode-dark-space.mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Q2ckBP21GYgPsh-vTDmq_rAwZ3k

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: ready with nits

I believe the Security Considerations section of this document is
reasonable.

Query: I'm not very familiar with MPLS; is the handling of the Entropy
Label Indicator the only situation where a Label Switching Router
would need to inspect (as opposed to hash for load balancing) labels
below the top of the label stack?

I was confused by the explanation of why Label 7 (ELI) has meaning as
both an ordinary Special Label and an Extended Special Purpose Label
until I read RFC 6790.  Perhaps explain that looking for the ELI is
typically the only reason why an LSR would inspect the middle of the
label stack?

Re answer 6 of Section 3:

If an ingress LSR pushes ESPLs onto the label stack, any downstream
LSRs that do not understand ESPLs could erroneously use the ESPLs as
load balancing inputs.  Would it be a good idea to recommend that
ingress LSRs avoid pushing ESPLs onto the label stack if their policy
cannot tolerate variations in downstream load balancing caused by
inappropriate use of the ESPLs as load balancing inputs by downstream
LSRs that don't understand ESPLs?
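
Added example, not part of the original message or of the draft: a sketch of the load-balancing concern raised above, comparing the hash keys chosen by an LSR that understands ESPLs with one that only skips labels 0-15. It assumes label 15 is the extension label (XL) that announces an ESPL, as in RFC 7274; the function names and all label values in the sample stacks are constructed for illustration.

```python
import struct

XL = 15        # extension label: the next stack entry is an ESPL (RFC 7274)
SPL_MAX = 15   # labels 0-15 are special-purpose and are never hash keys


def encode_stack(labels, ttl=64):
    """Build label stack entries: label(20) | TC(3) | S(1) | TTL(8)."""
    out = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out


def parse_stack(data):
    """Decode entries until the bottom-of-stack bit; reject malformed input."""
    labels = []
    for off in range(0, len(data), 4):
        if off + 4 > len(data):
            raise ValueError("truncated label stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        labels.append(word >> 12)
        if (word >> 8) & 1:
            return labels
    raise ValueError("no bottom-of-stack bit found")


def hash_keys(labels, understands_espl):
    """Return the labels an LSR would feed into its load-balancing hash."""
    keys, skip_next = [], False
    for label in labels:
        if skip_next:              # this entry is the ESPL that follows XL
            skip_next = False
            continue
        if label <= SPL_MAX:       # special-purpose label: never a key
            skip_next = understands_espl and label == XL
            continue
        keys.append(label)
    return tuple(keys)


# Constructed sample: one flow, two packets that differ only in the ESPL value.
PKT_A = encode_stack([3001, XL, 100, 4002])
PKT_B = encode_stack([3001, XL, 200, 4002])

if __name__ == "__main__":
    for name, aware in (("legacy", False), ("ESPL-aware", True)):
        print(name, [hash_keys(parse_stack(p), aware) for p in (PKT_A, PKT_B)])
```

The legacy LSR skips label 15 but treats the following ESPL as an ordinary label, so the two packets yield different hash keys; the ESPL-aware LSR yields the same keys for both.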