Re: [secdir] secdir review of draft-ietf-mpls-ipv6-only-gap-02

"Carlos Pignataro (cpignata)" <> Tue, 28 October 2014 17:50 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6B00E1A90FF; Tue, 28 Oct 2014 10:50:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xvIdF_hnOY0w; Tue, 28 Oct 2014 10:50:29 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 296601A90F3; Tue, 28 Oct 2014 10:49:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=2202; q=dns/txt; s=iport; t=1414518549; x=1415728149; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=QPUCqTN981BWBb/8O5x+Sd0pcY9BlzNgM8hbUEvd1aE=; b=aPtxYVBHGsyivf4VogY1YujEDoY46ckrZ7r2Xupt3wZ2qRw2Sl8+85Nk Tg4exQcYvaWRr2Og4SyasAS++NbxyS0G3s+JmZrp2IBt6IP/cE00680gU omFeAr5ubrX12RLCj+cyfIaXuHoAfdYqOuvh2+bhcrpvDOb4t4YiFsUXk 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.04,804,1406592000"; d="scan'208";a="367217273"
Received: from ([]) by with ESMTP; 28 Oct 2014 17:49:08 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id s9SHn8BM008403 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 28 Oct 2014 17:49:08 GMT
Received: from ([fe80::8c1c:7b85:56de:ffd1]) by ([]) with mapi id 14.03.0195.001; Tue, 28 Oct 2014 12:49:08 -0500
From: "Carlos Pignataro (cpignata)" <>
To: Tobias Gondrom <>
Thread-Topic: secdir review of draft-ietf-mpls-ipv6-only-gap-02
Thread-Index: AQHP8td4tLW89gRha0aSOHC69VI04w==
Date: Tue, 28 Oct 2014 17:49:07 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>, "" <>, "" <>
Subject: Re: [secdir] secdir review of draft-ietf-mpls-ipv6-only-gap-02
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 Oct 2014 17:50:32 -0000


Many thanks for your review, and apologies for a delayed response. Please see inline.

> On Oct 22, 2014, at 6:15 PM, Tobias Gondrom <> wrote:
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
> The draft is informational and identifies and analyses gaps that must be addressed in order to allow MPLS-related protocols and applications to be used with IPv6-only networks.
> The document appears ready for publication.


> The security considerations section (section 8) only states that changing the address family used for MPLS network operation does not fundamentally alter the security considerations of the existing protocol. Which is basically correct. It could have been interesting to look at the gaps analysis from a security perspective and see which of the MPLS IPv6-only gaps has security implications that need to be addressed. I.e. which gaps are security related. However, that is not essential.


> Comment:
> 1. Abstract and Section 1:
> the sentence "This document is not intended to highlight a particular vendor's implementation (or lack thereof)" sounds odd. Is there a WG discussion background or why is this document speaking of one "particular vendor's implementation”?

We just wanted to proactively clarify that this gap analysis is one on specifications and not in implementations. The important part of that sentence is what follows: “, but rather to focus on gaps in the standards defining the MPLS suite."


> Nits:
> - section EVPN
> formating: do you want to add one line at the end of the section: "Gap: Minor….
> “

Good catch — fixed.

> I did not find anything else in my review.



> Thank you and best regards.
> Tobias