[secdir] Secdir last call review of draft-ietf-bess-evpn-na-flags-05

Mališa Vučinić via Datatracker <noreply@ietf.org> Tue, 01 September 2020 10:59 UTC

From: Mališa Vučinić via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: bess@ietf.org, last-call@ietf.org, draft-ietf-bess-evpn-na-flags.all@ietf.org
Reply-To: Mališa Vučinić <malisa.vucinic@inria.fr>
Date: Tue, 01 Sep 2020 03:59:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Y2NV9L26ukffr6y1ty8Hvx__Xss>

Reviewer: Mališa Vučinić
Review result: Has Nits

I reviewed this document as part of the Security Directorate's ongoing effort
to review all IETF documents being processed by the IESG. These comments were
written primarily for the benefit of the Security Area Directors. Document
authors, document editors, and WG chairs should treat these comments just like
any other IETF Last Call comments.

The document specifies an extension to an Ethernet Virtual Private Network
(EVPN) MAC/IP advertisement by defining an EVPN Extended Community carrying
flags relevant to the ARP/ND resolution.

The abstract of the document does not include enough background context for it
to be useful to the general audience. Otherwise, the document is well written.

The security considerations section should be further elaborated. For instance,
the section includes a discussion on a possible misconfiguration of the
Router (R)/Override (O) flags, but the discussion is limited to the fact that the
misconfiguration of an IPv6/MAC binding on a given Provider Edge device (PE)
will propagate, through the means of IPv6 Neighbor Solicitation messages, to
other PEs in the same broadcast domain. I would like to understand better the
effect of each flag, i.e. what kind of behavior in the network can an attacker
cause by changing one of these flags on a particular device or in transit?