[secdir] Secdir review of draft-ietf-rtgwg-remote-lfa-09

Simon Josefsson <simon@josefsson.org> Sun, 28 December 2014 23:37 UTC

Date: Mon, 29 Dec 2014 00:37:39 +0100
From: Simon Josefsson <simon@josefsson.org>
To: iesg@ietf.org, draft-ietf-rtgwg-remote-lfa.all@tools.ietf.org, secdir@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/uPDIm6DexHr70nr4zOLamU1rwfw

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes an extension to a part of RFC 5286.  It does not
claim to update RFC 5286 (or any other document) so any security
considerations introduced would only affect implementations of this
document, which is a good sanity check. I did not digest the algorithm
itself enough to analyse any security aspects of it.  The document
title is 'Remote LFA FRR' and I suggest expanding the acronyms, or
considering a more descriptive title.  The document is hard to read for
someone not familiar with the area, but there is a decent Terminology
and Introduction section to smoothen things out.

I believe the document has no issues.

/Simon