Reviewer: Steve Hanna Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document adds integrity and optional encryption of sensitive metadata directly to the Network Service Header (NSH) protocol defined in RFC 8300, thus reducing or eliminating several attack vectors against Service Function Chaining (SFC). The document is well written and seems adequate for the goals articulated here and elsewhere in the SFC document suite. All of the issues, questions, and nits that I raised in my earlier secdir review (https://datatracker.ietf.org/doc/review-ietf-sfc-nsh-integrity-01-secdir-early-hanna-2020-12-24) have been well addressed in draft-ietf-sfc-nsh-integrity-04. From my perspective (as a security expert who has not previously worked with SFC), this latest version of that document seems to address all relevant security issues in an appropriate manner. I have no remaining concerns regarding this document and support its approval. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
