[SRv6OPS] Re: [spring] Second WG Last Call: draft-ietf-spring-srv6-security-14 (Ends 2026-06-02)

Suresh Krishnan <suresh.krishnan@gmail.com> Sat, 30 May 2026 02:40 UTC


Hi chairs/authors,
  Thank you for your hard work on this important document. I have reviewed draft-ietf-spring-srv6-security-14 and I think it is ready to progress further in the IETF process. I do have some minor comments that you may want to address.

* Section 6.1.

This sentence is missing a verb and does not read right. Suggest rewording to

OLD:
While it is possible for packet manipulation and processing attacks against all the fields of the IPv6 header and its extension headers, this document limits itself to the IPv6 header and the SRH.

NEW:
While packet manipulation and processing attacks are possible against all the fields of the IPv6 header and its extension headers, this document limits itself to attacks on the IPv6 header and the SRH.

* Section 6.2.1.1.

This sentence is a bit confusing. Suggest rewording 

OLD:
However, it facilitates more complex on-path attacks by redirecting traffic to another node that the attacker has access to with more processing resources.

NEW:
However, it facilitates more complex on-path attacks by redirecting traffic to another node, with more processing resources, that the attacker has access to.

* Section 8.1.

Not sure what “take care of” means here? I would suggest using “handle” or “inspect” depending on what you intend to say here.

Regards
Suresh

> On May 18, 2026, at 3:44 PM, Alvaro Retana via Datatracker <noreply@ietf.org> wrote:
> 
> This message starts a Second WG Last Call for:
> draft-ietf-spring-srv6-security-14
> 
> This Working Group Last Call ends on 2026-06-02
> 
> Abstract:
>   SRv6 is a traffic engineering, encapsulation and steering mechanism
>   utilizing IPv6 addresses to identify segments in a pre-defined
>   policy.  This document discusses security considerations in SRv6
>   networks, including the potential threats and the possible mitigation
>   methods.  The document does not define any new security protocols or
>   extensions to existing protocols.
> 
> File can be retrieved from:
> 
> Please review and indicate your support or objection to proceed with the
> publication of this document by replying to this email keeping
> spring@ietf.org in copy. Objections should be explained and suggestions to
> resolve them are highly appreciated.
> 
> Authors, and WG participants in general, are reminded of the Intellectual
> Property Rights (IPR) disclosure obligations described in BCP 79 [1].
> Appropriate IPR disclosures required for full conformance with the provisions
> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
> Sanctions available for application to violators of IETF IPR Policy can be
> found at [3].
> 
> Thank you.
> 
> [1] https://datatracker.ietf.org/doc/bcp78/
> [2] https://datatracker.ietf.org/doc/bcp79/
> [3] https://datatracker.ietf.org/doc/rfc6701/
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-security/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-spring-srv6-security-14.html
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-spring-srv6-security-14