Dear Donald, Thanks for the thorough review. There is just one comment regarding your suggestions, marked [TM]. Regarding the rest of your comments, we agree and we will address them in the next version of the document. Cheers, Tal. On Thu, Sep 23, 2021 at 12:24 AM Donald Eastlake <d3e3e3@xxxxxxxxx> wrote: > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG.. Document editors and WG chairs should treat these comments > just like any other last call comments. > > The summary of the review is Ready with a minor issue. (really just > capitalization of key words) > > Security: > > I believe that the theme of the Security Considerations section, that > possible use of the IOAM flags specified in this document could be > used in amplification attacks, is correct and that the Security > Considerations section adequately explores this topic. > > Minor: > > Section 4.1.1: Both occurrences of "recommended" seem like they should > be in all capital letters. > > Section 4.2: Second paragraph, "recommended" should be all capital > letters. Also, this stuff about N seems to be redundantly included in > both 4.1.1 and 4.2 which are adjacent sections. Maybe the second > paragraph in 4.2 could be replaced by a tweaked version of its first > sentence something like: "An IOAM node that supports the reception and > processing of the Loopback flag MUST support the ability to limit the > rate of the looped back packets as discussed in Section 4.1.1.". > [TM] There is a slight difference between the requirement in Section 4.1.1., and the requirement in Section 4.2. Specifically, 4.1.1 calls for considering the number of transit nodes (if this number is known) in the packet selection, while this is not required in Section 4.2. Therefore it looks like having slightly different text in each of the sections is required. > Section 5: last paragraph, "It is recommended to use N>100." -> "Using > N>100 is RECOMMENDED." > > Nits: > > Section 2.2: Suggest adding reference to the Terminology entry for > OAM: [RFC6291] > > Section 4.1: last sentence of 2nd paragraph (first full sentence of > page 5): Somehow "allowing a single data field" does not sound quite > strong enough to me. Suggest "allowing only a single data field" or > "limiting to a single data field" or some other stronger and clearer > wording. > > Section 4.1.1: Remove superfluous wording: "It is noted that this > requirement..." -> "This requirement..." > Section 4.1.1: Grammar and incorporating capitalization point from > above: "it is recommended to use N>100." -> "using N>100 is > RECOMMENDED." (and same change in Section 4.2 if Section 4.2 is not > modified as suggested above) > > Section 5: third bullet point "one or more IOAM option," -> "one or > more IOAM options," Also, in the same bullet point, remove superfluous > wording "It should be noted that the current..." -> "The current..." > > Multiple places "to avoid loading" would be a little better as "to > avoid overloading" or "to avoid excessively loading". > > There are almost twice as many authors as the guideline maximum of 5. > > Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 2386 Panoramic Circle, Apopka, FL 32703 USA > d3e3e3@xxxxxxxxx -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
