On Wed, Aug 21, 2019 at 8:07 AM Acee Lindem (acee) <acee@xxxxxxxxx> wrote:
Hi Kathleen,
On 8/21/19, 7:42 AM, "Kathleen Moriarty via Datatracker" <noreply@xxxxxxxx> wrote:
Reviewer: Kathleen Moriarty
Review result: Has Nits
I apologize for the very late review. I see you are already working on Roman's
discuss, so perhaps this nit could be addressed still.
In the security considerations section, the following text is included:
    As such, no new
    security threats are introduced beyond the considerations in OSPFv2
    [RFC2328], OSPFv3 [RFC5340], and [RFC5786].
However, new considerations follow and as such, the above statement isn't
entirely accurate. I do agree that no security is provided in these protocols,
and that is not new, but new information is exposed. Perhaps saying additional
considerations follow would be better than saying "no new security threats are
introduced".
As document shepherd and LSR WG Co-Chair, I disagree. There is no new information exposed. This draft simply enables the TE endpoints from both IPv4 and IPv6 to be advertised in either OSPFv2 or OSPFv3 rather than relegating advertisement of IPv4 TE information to OSPFv2 and IPv6 TE information to OSPFv3. If anything, it improves security by reducing the surface area for attacks to a single protocol rather than both protocols.
I won't fight it and it is really too late, but I dislike the sentence especially when used on a protocol with no security properties. If someone doesn't realize the current state and overall lack of security, this sentence doesn't help.
Best regards,
Kathleen
Thanks,
Acee
Thank you,
Kathleen