Return-Path: <suresh.krishnan@gmail.com>
X-Original-To: srv6ops@mail2.ietf.org
Delivered-To: srv6ops@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id 47648F7DA434
	for <srv6ops@mail2.ietf.org>; Fri, 29 May 2026 19:40:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
	t=1780108809; bh=uZ33uPKTNpd2LhbEi/npI03fNdoPRCmkXLg95tE6riw=;
	h=Subject:From:In-Reply-To:Date:Cc:References:To;
	b=XzNCucdXG1+UwbDAIgLT0v9YWyi+Y4WYHWn3d20re7xwE+HLHFDrkZFN0HSSHBAYR
	 HnlWlj5s0XYoAAelYVfRB2L5v1zYeNbFy6fp/m4idFhpCTe48UrkLpXRyI8/IB1jr4
	 HfkSkmFubMEInuMYGVLCp8CoJQ3G3XJGkfZND5Fg=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
	RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
	autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Hquf4RIQYuM1 for <srv6ops@mail2.ietf.org>;
	Fri, 29 May 2026 19:40:04 -0700 (PDT)
Received: from mail-yx1-xb133.google.com (mail-yx1-xb133.google.com
 [IPv6:2607:f8b0:4864:20::b133])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id 388A3F7DA3D2
	for <srv6ops@ietf.org>; Fri, 29 May 2026 19:40:04 -0700 (PDT)
Received: by mail-yx1-xb133.google.com with SMTP id
 956f58d0204a3-66036d6bcb3so2959849d50.0
        for <srv6ops@ietf.org>; Fri, 29 May 2026 19:40:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1780108804; x=1780713604; darn=ietf.org;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=E15XunEu7fH7f3PQDVMR6ArMw4aGbU5O8DuKZ7pvnfU=;
        b=WfY4KXC5ltkgqyvAf4qCGzS2/d3/hHTx/mc7LLvVWM/uZnbjNF9/esmR9JhPZ70vzH
         TNqZ1Yx0wgUqXFO6JqPWzcX6PRmSF9vjk1EeX4me89ShTaxpbjdv5Qn/IZLfZcvUpHqw
         zcsp18u3yx18X8UVhJMxl5EwjSAAOfJWdODIGNA/AZvXxZFuT49+OVkakNpTpFfrQeSb
         e+gWNUPwW83khg4ediHZy4j5C5otcWNbg91KW7mcjQSZKrtyxV7n0M74tUFY8eawK8S9
         OlcQkf4HGcpmWqpa9/fHICOu6GkBUlgeBp+GuHJ44N+5KsacWDVWmRZRrtnrgZXpdgPL
         F24Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1780108804; x=1780713604;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=E15XunEu7fH7f3PQDVMR6ArMw4aGbU5O8DuKZ7pvnfU=;
        b=d1dJeyVdadP35vmxNf8LZPFPXR3H7KPYLmJ6C7pOKsT7OyZvI22s0G4DMDigxIhVfZ
         exB4lxBs65RE77+mZZBLtKw/vGhh4KkNadVyOA62q5x26iWNSE9gYMK/Q68fOr/k7YLt
         5APzJf5kc2r9pQQt6nK7mrXGKqsO2lf7JLZ/rHgmJZ0NPNALh0my8P5aLGWtVBsG5rZ+
         dihDfkJdWGBL1G5E9eLX3h+T4mti5vt/EiEvUtkM2lJQqK95c0g2ybWfkIQQb2Tnev8L
         iz3Kq+lc8rvUPOFBR8co47fyXGkjzWkUdb79psNGatE91xo3kH4q4B/VLmb2G073OG4V
         vW/A==
X-Forwarded-Encrypted: i=1;
 AFNElJ+iQFXpn4dlamGpJJxyF6sDkVeA4J4YjGbtCYIIKwGHRz1qcrx2kcs9s3qzRVct41Lk28vsPlm5@ietf.org
X-Gm-Message-State: AOJu0YzU8fjjH8JqBm2yjHUFTYAZfPSexKTyCon2hKxa8yKWDYphGDLu
	DG5EHeZodZJWrUSW9Az/kujJHHmO0kPCb0r11SEeeGBshp67zDqXaLqA
X-Gm-Gg: Acq92OEAkd3e806PR6kX6yAr7el1KDpeRFvi/XeQJzZOhkskDwIRlXgzGDPIGha8asx
	gIdJUjXlLMiDC9es5wx3E8l6ZX5612LyD+U6AZEx8JNsX15FlfXY3jx7Xc+Dcj/Pr9uLcTv7p20
	+wdGoGbeqeFvto++dos6XjLStVziD/0Mn3nAfB4dlW5RNvTdKK8s3jeiW79Fh9Rea8NarqUyQKi
	hUEo6FkoCrQR1Y0NfSF+RSHLAuAknuPrkyTrxgGE6pGN6rSpTVhOQugdrxPp6OMgJts9lmYVSo1
	ZS7Tb/XD725iURmxi107jomLWG7EKaOzsPQMz/fdNSa3q94yYn/rR1B/EXRuWFX4kCGmRtktt0m
	seQwWRqd1ri13eWPu6b7xdghzUI0qUWVqAeZase/gCr28iwSyyxyfrk1S3RDkOoqrJH61u5lGQR
	ybUwQTtO3Xy0B2rtYQy7wiCn8BSaFoF5XGfIINeoAEYschJYsGjT6B+/TbyH0B
X-Received: by 2002:a05:690e:13c4:b0:652:f16e:952e with SMTP id
 956f58d0204a3-6605ee2eb28mr1912462d50.14.1780108803607;
        Fri, 29 May 2026 19:40:03 -0700 (PDT)
Received: from smtpclient.apple ([45.19.110.76])
        by smtp.gmail.com with ESMTPSA id
 956f58d0204a3-66069709976sm10700d50.2.2026.05.29.19.40.01
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 29 May 2026 19:40:02 -0700 (PDT)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.600.51.1.1\))
From: Suresh Krishnan <suresh.krishnan@gmail.com>
In-Reply-To: 
 <177913349668.557208.2581503410373976317@dt-datatracker-7688897f84-l74h4>
Date: Fri, 29 May 2026 22:39:50 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <DB88EDDE-48A0-4FEA-9A9E-933860B15D19@gmail.com>
References: 
 <177913349668.557208.2581503410373976317@dt-datatracker-7688897f84-l74h4>
To: Alvaro Retana <aretana.ietf@gmail.com>
X-Mailer: Apple Mail (2.3864.600.51.1.1)
Message-ID-Hash: XGQIIKEOX7AR6JQ5TR24RRWUMKHDL6T5
X-Message-ID-Hash: XGQIIKEOX7AR6JQ5TR24RRWUMKHDL6T5
X-MailFrom: suresh.krishnan@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: draft-ietf-spring-srv6-security@ietf.org, spring-chairs@ietf.org,
 spring@ietf.org, zali@cisco.com, srv6ops@ietf.org, ipv6@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: =?utf-8?q?=5BSRv6OPS=5D_Re=3A_=5Bspring=5D_Second_WG_Last_Call=3A_draft-ietf?=
 =?utf-8?q?-spring-srv6-security-14_=28Ends_2026-06-02=29?=
List-Id: "SRv6 Operations (SRv6OPS) Working Group List" <srv6ops.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/srv6ops/qENMXP4tV_Jzj-Kxu1T2R77O990>
List-Archive: <https://mailarchive.ietf.org/arch/browse/srv6ops>
List-Help: <mailto:srv6ops-request@ietf.org?subject=help>
List-Owner: <mailto:srv6ops-owner@ietf.org>
List-Post: <mailto:srv6ops@ietf.org>
List-Subscribe: <mailto:srv6ops-join@ietf.org>
List-Unsubscribe: <mailto:srv6ops-leave@ietf.org>

Hi chairs/authors,
  Thank you for your hard work on this important document. I have =
reviewed draft-ietf-spring-srv6-security-14 and I think it is ready to =
progress further in the IETF process. I do have some minor comments that =
you may want to address

* Section 6.1.

This sentence is missing a verb and does not read right. Suggest =
rewording to

OLD:
While it is possible for packet manipulation and processing attacks =
against all the fields of the IPv6 header and its extension headers, =
this document limits itself to the IPv6 header and the SRH.

NEW:
While packet manipulation and processing attacks are possible against =
all the fields of the IPv6 header and its extension headers, this =
document limits itself to attacks on the IPv6 header and the SRH.

* Section 6.2.1.1.

This sentence is a bit confusing. Suggest rewording=20

OLD:
However, it facilitates more complex on-path attacks by redirecting =
traffic to another node that the attacker has access to with more =
processing resources.

NEW:
However, it facilitates more complex on-path attacks by redirecting =
traffic to another node, with more processing resources, that the =
attacker has access to.

* Section 8.1.

Not sure what "take care of=E2=80=9D means here? I would suggest using =
=E2=80=9Chandle=E2=80=9D or =E2=80=9Cinspect=E2=80=9D depending on what =
you intend to say here.

Regards
Suresh

> On May 18, 2026, at 3:44=E2=80=AFPM, Alvaro Retana via Datatracker =
<noreply@ietf.org> wrote:
>=20
> This message starts a Second WG Last Call for:
> draft-ietf-spring-srv6-security-14
>=20
> This Working Group Last Call ends on 2026-06-02
>=20
> Abstract:
>   SRv6 is a traffic engineering, encapsulation and steering mechanism
>   utilizing IPv6 addresses to identify segments in a pre-defined
>   policy.  This document discusses security considerations in SRv6
>   networks, including the potential threats and the possible =
mitigation
>   methods.  The document does not define any new security protocols or
>   extensions to existing protocols.
>=20
> File can be retrieved from:
>=20
> Please review and indicate your support or objection to proceed with =
the
> publication of this document by replying to this email keeping
> spring@ietf.org in copy. Objections should be explained and =
suggestions to
> resolve them are highly appreciated.
>=20
> Authors, and WG participants in general, are reminded of the =
Intellectual
> Property Rights (IPR) disclosure obligations described in BCP 79 [1].
> Appropriate IPR disclosures required for full conformance with the =
provisions
> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
> Sanctions available for application to violators of IETF IPR Policy =
can be
> found at [3].
>=20
> Thank you.
>=20
> [1] https://datatracker.ietf.org/doc/bcp78/
> [2] https://datatracker.ietf.org/doc/bcp79/
> [3] https://datatracker.ietf.org/doc/rfc6701/
>=20
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-security/
>=20
> There is also an HTML version available at:
> =
https://www.ietf.org/archive/id/draft-ietf-spring-srv6-security-14.html
>=20
> A diff from the previous version is available at:
> =
https://author-tools.ietf.org/iddiff?url2=3Ddraft-ietf-spring-srv6-securit=
y-14
>=20
> _______________________________________________
> spring mailing list -- spring@ietf.org
> To unsubscribe send an email to spring-leave@ietf.org