Hi Chris,

Thanks for the review.
Pls see inline <SH> for replies. Version -15 will address your comments.

Rgds
Shraddha

-----Original Message-----
From: Chris Lonvick via Datatracker <noreply@xxxxxxxx>
Sent: Wednesday, May 15, 2024 10:41 PM
To: secdir@xxxxxxxx
Cc: draft-ietf-mpls-spring-inter-domain-oam.all@xxxxxxxx; last-call@xxxxxxxx; mpls@xxxxxxxx
Subject: Secdir last call review of draft-ietf-mpls-spring-inter-domain-oam-14

Reviewer: Chris Lonvick
Review result: Ready

Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready.

The day job has me going and I wasn't able to spend as much time with this as I would have preferred. However, I found it to be understandable and well thought-out.

I would like the Security Considerations section to include a more direct reference to RFC 8029 rather than just saying an implementation should have filter policies. Perhaps add the same paragraph that is used in the Security Considerations of RFC 8287 as a new paragraph.

<SH>Added above statement to last paragraph

   All the security considerations defined in [RFC8029] will be applicable for this document

Also, I think that the reference to MACsec should use a RECOMMENDED rather than a "suggested".

<SH> Ok fixed as below

   An operator MUST deploy appropriate filter policies as described in [RFC8029] to restrict the LSP ping/traceroute packets based on origin. It is also RECOMMENDED that an operator deploy security mechanisms such as MACsec on inter-domain links or security-vulnerable links to prevent spoofing attacks.

I did see some nits in the document. Unfortunately, I didn't record them. I can point out the last sentence of the Security Considerations section needs some work. It currently has, "the network devices MUST have mechanisms to prevent of Denial-of-service attacks". Either delete the "of" or change it to "for the prevention of".

<SH> Fixed this one as well as other nits. Thanks for pointing out.

Best regards,
Chris