Re: Gen-ART LC review of draft-ietf-ospf-rfc6506bis-01.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Brian, 
Thanks much for the review. I believe I've added all your comments - see
inline. 

On 11/12/13 11:16 AM, "Brian E Carpenter" <brian.e.carpenter@xxxxxxxxx>
wrote:

>[Resending again with abject apologies for a typo in the To address.]
>
>[Resending with CC to the IETF list, since the ospf WG list
>automatically rejects non-subscriber messages.]
>
>I am the assigned Gen-ART reviewer for this draft. For background on
>Gen-ART, please see the FAQ at
><http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
>Please resolve these comments along with any other Last Call comments
>you may receive.
>
>Document: draft-ietf-ospf-rfc6506bis-01.txt
>Reviewer: Brian Carpenter
>Review Date: 2013-11-12
>IETF LC End Date: 2013-11-26
>IESG Telechat date:
>
>Summary:  Ready with issues
>--------
>
>Major issue:
>------------
>
>The listed changes from RFC 6506 include:
>
>>    2.  Section 3 previously advocated usage of an expired key for
>>        transmitted OSPFv3 packets when no valid keys existed.  This
>>        statement has been removed.
>
>I cannot see where this has been removed. In the last paragraph of
>Section 3, the text starting:
>
>> In the event that the last key associated with an interface expires,...
>
>has not been changed. Isn't that the text that should be removed? In fact,
>shouldn't it be explicitly contradicted, to ensure that implementations
>are changed to fail-secure rather than run-insecure?

Sigh - good catch. We actually discussed the text on the list but I
neglected to update it in the final revision. This is how the paragraph
will read in the next revision.

Key storage SHOULD persist across a system restart, warm or cold, to
   avoid operational issues.  In the event that the last key associated
   with an interface expires, the network operator SHOULD be notified
   and the OSPFv3 packet MUST NOT be transmitted unauthenticated.









>
>
>Nits:
>-----
>
>"errata" is a plural, often misused in this draft as a singular. The
>singular
>noun is "erratum".

I replaced the 3 instances of "errata" with "erratum" in section 1.2. In
the acknowledgements, the instances of "errata" were correct.


>
>	
>> This document may contain material from IETF Documents or IETF	
>> Contributions published or made publicly available before November	
>> 10, 2008. The person(s) controlling the copyright in some of this	
>  ...
>
>This disclaimer logically cannot be needed, since RFC6506 was published
>after Nov. 10, 2008.

I've removed this by updating the xml ipr tag to simply "trust200902".


>
>
>
>> 6.  Security Considerations
>...
>>   It addresses all the security
>>   issues that have been identified in [RFC6039].
>
>and in [RFC6506] (judging by section 1.2).

Added the reference to RFC 6506.

Thanks,
Acee 




>
>






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]