[secdir] secdir review of draft-ietf-mpls-ldp-ip-pw-capability-07

Radia Perlman <radiaperlman@gmail.com> Mon, 12 May 2014 13:43 UTC

To: The IESG <iesg@ietf.org>, draft-ietf-mpls-ldp-ip-pw-capability.all@ietf.org, "secdir@ietf.org" <secdir@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/sbBj9sPzgWuoD8fkZTvbjIRF4NM

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is about how label switching routers (LSRs) can tell their
neighbor not to advertise state about unsupported applications.  This
apparently was not thought of originally, and was introduced in RFC 5561.
So this document introduces a way to turn off advertisement of earlier
applications (before RFC 5561).

As specified in the security considerations section, this certainly does
not introduce any security issues.  If the neighbor doesn't understand the
TLV, it will continue to advertise unwanted information, and apparently
what was done before this was through configuration.  This document allows
explicit advertisement of disinterest in applications before RFC 5561.
This is an improvement over configuration.

There's a lot of awkward English here and there, but I assume it will be
fixed by the RFC editor.  For example, in the last line of the abstract:

   "which would have otherwise be advertised over the established LDP session"

"be" should be "been".