Re: [Last-Call] Rtgdir last call review of draft-ietf-opsec-v6-24

Hi Eric, 

Thanks much for incorporating my comments.  

On 4/1/21, 11:54 AM, "Eric Vyncke (evyncke)" <evyncke@xxxxxxxxx> wrote:

    Acee,

    Big thank you on your nits review! As a non-English speaker, I always welcome (and learn from) such a detailed review. The just posted -25 has all the nits fixed (per your other email) and we took action on your two suggestions below.

    BTW, we added a reference to RFC 8177 in section 2.5.3 'securing routing updates' as it seems more suitable.

It applies there. However, I was thinking of it in the context of this statement in 2.4. 

       "The control plane processor is then unable to process valid control packets and
         the router can lose OSPF or BGP adjacencies which can cause a severe
        network disruption."

If one supports the key-chain mechanisms for rollover in their OSPF and BGP implementations, there will be no disruption. Anyway, it was only a suggestion. 

Thanks,
Acee

    Regards

    -éric

    PS: happy to have an April 1st I-D, which is NOT a joke ;-)



    -----Original Message-----
    From: Acee Lindem via Datatracker <noreply@xxxxxxxx>
    Reply-To: "Acee Lindem (acee)" <acee@xxxxxxxxx>
    Date: Tuesday, 23 March 2021 at 15:19
    To: "rtg-dir@xxxxxxxx" <rtg-dir@xxxxxxxx>
    Cc: "draft-ietf-opsec-v6.all@xxxxxxxx" <draft-ietf-opsec-v6.all@xxxxxxxx>, "last-call@xxxxxxxx" <last-call@xxxxxxxx>, "opsec@xxxxxxxx" <opsec@xxxxxxxx>
    Subject: Rtgdir last call review of draft-ietf-opsec-v6-24
    Resent-From: <alias-bounces@xxxxxxxx>
    Resent-To: Eric Vyncke <evyncke@xxxxxxxxx>, Kiran Kumar Chittimaneni <kk.chittimaneni@xxxxxxxxx>, Merike Kaeo <merike@xxxxxxxxxxxxxxxxxxxxxx>, <erey@xxxxxxx>, <furry13@xxxxxxxxx>, Ron Bonica <rbonica@xxxxxxxxxxx>, <warren@xxxxxxxxxx>, <rwilton@xxxxxxxxx>, Gyan Mishra <hayabusagsm@xxxxxxxxx>, <hayabusagsm@xxxxxxxxx>
    Resent-Date: Tuesday, 23 March 2021 at 15:19

        Reviewer: Acee Lindem
        Review result: Has Nits

        Hello,

        I have been selected as the Routing Directorate reviewer for this draft.
        The Routing Directorate seeks to review all routing or routing-related
        drafts as they pass through IETF last call and IESG review, and
        sometimes on special request. The purpose of the review is to provide
        assistance to the Routing ADs. For more information about the Routing
        Directorate, please see  

          http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

        Although these comments are primarily for the use of the Routing ADs,
        it would be helpful if you could consider them along with any other
        IETF Early Review/Last Call  comments that you receive, and strive to
        resolve them through discussion or by updating the draft.

        Document: draft-ietf-opsec-v6-24.txt
        Reviewer: Acee Lindem
        Review Date: 03/23/2021
        IETF LC End Date: Soon
        Intended Status:  Informational

        Summary: The document contains a lot of useful recommendations and
                 references for Operational Security in IPv6 networks. Since
                 the document has "Informational" status, none of the text is
                 normative.

                 The document is basically ready for publication. I have some
                 nits attached and have a couple suggested references for
                 IPv6 control plane security.

        Major Issues: None

        Minor Issues:

            1. Section 2.4 - Recommend implementation of key-chains and graceful
               key rollover as documented in section 2.2 of RFC 8177. This will
               avoid the disruptions during key rollover.

            2. Section 2.4 - Recommend implementation of SPF rate-limiting as
               documented in RFC 8541. This is in the context of OSPFv3 protocol
               specific mechanisms and the recommended rate-limiting.

        Nits: Will send diffs in separate message.





-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



