[secdir] Secdir last call review of draft-ietf-6man-segment-routing-header-22

Liang Xia via Datatracker <noreply@ietf.org> Thu, 15 August 2019 03:39 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EE40120F46; Wed, 14 Aug 2019 20:39:55 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Liang Xia via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-6man-segment-routing-header.all@ietf.org, ipv6@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Liang Xia <frank.xialiang@huawei.com>
Message-ID: <156584039497.2287.2516898029582755543@ietfa.amsl.com>
Date: Wed, 14 Aug 2019 20:39:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/smmpXMczpdpRPaSEWs0v3auDH8Y>
Subject: [secdir] Secdir last call review of draft-ietf-6man-segment-routing-header-22
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 03:39:55 -0000

Reviewer: Liang Xia
Review result: Has Issues

Some nits:
1. title of Section 4.3.2: /FIB Entry is a Local Interface/FIB Entry Is A Local
Interface 2. title of Section 5.2: /SR Domain as a single system with
delegation among components/SR Domain as A Single System with Delegation among
Components 3. Section 2.1.1: /There are two types of padding TLVs, pad1 and
padN, the following applies to both/There are two types of Padding TLVs, pad1
and padN, the following applies to both 4. Section 2.1.2: "Alignment
requirement: 8n". What is 8n? For better readability, can you give a more clear
clarification text? 5. Section 4.1: /HMAC TLV may be set according to Section
7./HMAC TLV may be set according to Section 2.1.2./? 6. Section 4.3: have a "*"
before every item of "A FIB entry..." ?

1 issue:
The Security Considerations Section mainly clarifies the security protection
based on the strict SR Domain boundary protection paradigm, and the
considerations of some identified attacks. They are valuable, but maybe not
complete in scope. I noticed 2 SR related security consideration drafts
(draft-perkins-sr-security-00 and
draft-li-spring-srv6-security-consideration-00), which are trying to summarize
all the possible vulnerabilities in SR network. I personally suggests the
authors to review them and consider how to reference or incorporate the
valuable considerations from them.