The Generalized TTL Security Mechanism (GTSM) for the Label Distribution Protocol (LDP)
Summary: Needs a YES. Needs 5 more YES or NO OBJECTION positions to pass.
Note: This ballot was opened for revision 07 and is now closed.
( Stewart Bryant ) Yes
( Adrian Farrel ) Yes
( Ron Bonica ) No Objection
( Gonzalo Camarillo ) No Objection
Benoit Claise No Objection
( Ralph Droms ) No Objection
( Wesley Eddy ) No Objection
Stephen Farrell No Objection
Comment (2012-06-05 for -08)
(1) 5082 has a MUST for authentication if negotiating GSTM. I don't get why this "built-in" negotiation, which seems to me to be added post-facto, gets around this need for strong authentication. I'm not going to insist that you define such authentication, (be nice if someone did though), but I do think you need to say you're not adhering to the MUST from 5082. (2) When receiving an LDP Link Hello with G=1, what checks are to be made on the TTL for that packet? If you don't enforce GSTM on that, then presumably attacks could be mounted with a Link Hello that has G=0, defeating the negotiation (hence point (1) above I guess;-). Why is this ok? If you're really taking a "leap of faith" here, then that's probably fine, but should be stated IMO. In any case I think you need to be clear about whether the TTL on this packet needs checking or not. nits: - typo in section 3? "(i.e.,g G=1)" - s/g//? - typo in section 5: s/may cause LDP peering session/may cause an LDP peering session/
Brian Haberman No Objection
( Russ Housley ) No Objection
Barry Leiba No Objection
Comment (2012-06-05 for -08)
Substantive comments; these are non-blocking, but please consider them seriously, and feel free to chat with me about them: -- 2.1 -- The G flag is meaningful only if the T flag is set to 0 (which must be the case for Basic Discovery), otherwise, the value of G flag SHOULD be ignored on receipt. What happens if it isn't? SHOULD means, basically, MUST unless you fully understand the consequences... so what are the consequences, so that an implementor might have a chance to understand them? ======== Other comments; no need to respond to these. Take them or modify them as you please: -- 1 -- Therefore, GTSM can fully benefit LDP protocol peering session established using Basic Discovery. I don't understand this sentence; maybe there's a word missing. But it also seems awkward. Does it mean this?: NEW Therefore, GTSM can provide full benefit to an LDP protocol peering session that was established using Basic Discovery. That is, the desire to use GTSM (i.e., its negotiation mechanics) is enabled by default without any configuration. But you just said that RFC 5082 said not to do that. I understand what you're getting at, so maybe this will make it clear?: NEW That is, the desire to use GTSM (i.e., its negotiation mechanics) is enabled by default without any configuration, while retaining the spirit of the advice in RFC 5082.