[secdir] Secdir last call review of draft-ietf-bess-evpn-optimized-ir-09

Derek Atkins via Datatracker <noreply@ietf.org> Thu, 07 October 2021 12:53 UTC

From: Derek Atkins via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: bess@ietf.org, draft-ietf-bess-evpn-optimized-ir.all@ietf.org, last-call@ietf.org
Message-ID: <163361121039.16337.12285140758441545338@ietfa.amsl.com>
Reply-To: Derek Atkins <derek@ihtfp.com>
Date: Thu, 07 Oct 2021 05:53:30 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/fAsS6YPiAXFGj6oiTjs4B504vGM>
Subject: [secdir] Secdir last call review of draft-ietf-bess-evpn-optimized-ir-09
List-Id: Security Area Directorate <secdir.ietf.org>

Reviewer: Derek Atkins
Review result: Ready

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

* Ready to Publish

Details:

* It is unclear to me how one would protect from a (D)DoS attack with
  a forged BM packet sent into the replicator and prevent
  amplification attacks.

-derek