Re: [secdir] secdir review of draft-ietf-mpls-hsmp-04
"Adrian Farrel" <adrian@olddog.co.uk> Mon, 02 December 2013 11:16 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A1831AE368; Mon, 2 Dec 2013 03:16:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TDr0aafZy-NJ; Mon, 2 Dec 2013 03:16:38 -0800 (PST)
Received: from asmtp2.iomartmail.com (asmtp2.iomartmail.com [62.128.201.249]) by ietfa.amsl.com (Postfix) with ESMTP id 22DA51AE363; Mon, 2 Dec 2013 03:16:21 -0800 (PST)
Received: from asmtp2.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp2.iomartmail.com (8.13.8/8.13.8) with ESMTP id rB2BGI3T017754; Mon, 2 Dec 2013 11:16:18 GMT
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp2.iomartmail.com (8.13.8/8.13.8) with ESMTP id rB2BGG9I017732 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 2 Dec 2013 11:16:17 GMT
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Charlie Kaufman' <charliek@microsoft.com>
References: <2b12ea7449014b53a4b4118929921b75@BL2PR03MB592.namprd03.prod.outlook.com>
In-Reply-To: <2b12ea7449014b53a4b4118929921b75@BL2PR03MB592.namprd03.prod.outlook.com>
Date: Mon, 02 Dec 2013 11:16:16 -0000
Message-ID: <0c0601ceef4f$ebe102d0$c3a30870$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIHav6dMGoNhrLf258GkpHEMqzPNpnPyaCQ
Content-Language: en-gb
Cc: draft-ietf-mpls-mldp-hsmp.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-mpls-hsmp-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Dec 2013 11:16:40 -0000
Charlie, Thanks for the time and the nits. Work will be done. Adrian > -----Original Message----- > From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Charlie Kaufman > Sent: 01 December 2013 07:11 > To: secdir@ietf.org; iesg@ietf.org; draft-ietf-mpls-mldp-hsmp.all@tools.ietf.org > Subject: [secdir] secdir review of draft-ietf-mpls-hsmp-04 > > I have reviewed this document as part of the security directorate's ongoing effort > to review all IETF documents being processed by the IESG. These comments > were written primarily for the benefit of the security area directors. Document > editors and WG chairs should treat these comments just like any other last call > comments. > > This document defines a new variation of MPLS for multipoint to multipoint > communication. The document does not state why anyone would prefer this > new variation over the existing one, though I can guess a few reasons. The new > variation is less efficient in that packets sent travel over many links twice instead > of once and packet delivery has longer latency in that most packets travel over > more links from their original source to ultimate destination. The two advantages > I can imagine are (1) in almost all cases, all packets will arrive at all destinations in > the same order (in the original protocol, packets from different sources could > arrive at different destinations in different orders); and (2) the root of the > multicast tree could filter messages - for example, to throttle the total volume of > messages from a single source. A third possible use that seems to be disavowed > by the document is to allow members of the multicast group to signal their status > only to the root node. It would be nice if the document was more explicit about > what this protocol was for, but it doesn't affect security considerations. > > The document correctly notes that there are no new security considerations > beyond those discussed in the protocol that this competes with. That protocol is > defined in RFC6388 and RFC6425. > > Nits: > > Last sentence of abstract reads "The communication among the leaf nodes are > not allowed." I believe the grammar is incorrect, but more importantly I believe it > should read "Direct communication among the leaf nodes is not allowed." > because communication among the leaf nodes is supported by this protocol with > all packets being relayed by the root node. > > Near the end of the introduction is the phrase "except that it follows the node of > reverse downstream path of the tree". I believe the word 'node' is incorrect > here, though I don't know what was intended. > > Page 11: "In some scenario," should be "In some scenarios," > > --Charlie
- [secdir] secdir review of draft-ietf-mpls-hsmp-04 Charlie Kaufman
- Re: [secdir] secdir review of draft-ietf-mpls-hsm… Adrian Farrel
- Re: [secdir] secdir review of draft-ietf-mpls-hsm… Lizhong Jin