Skip to main content

Telechat Review of draft-ietf-6man-sids-05
review-ietf-6man-sids-05-secdir-telechat-dunbar-2024-02-05-00

Request Review of draft-ietf-6man-sids
Requested revision No specific revision (document currently at 06)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2024-01-30
Requested 2024-01-08
Authors Suresh Krishnan
I-D last updated 2024-02-05
Completed reviews Dnsdir Telechat review of -05 by Petr Špaček (diff)
Secdir Telechat review of -05 by Linda Dunbar (diff)
Intdir Telechat review of -05 by Juan-Carlos Zúñiga (diff)
Opsdir Last Call review of -03 by Yingzhen Qu (diff)
Secdir Last Call review of -03 by Linda Dunbar (diff)
Genart Last Call review of -03 by Reese Enghardt (diff)
Assignment Reviewer Linda Dunbar
State Completed
Request Telechat review on draft-ietf-6man-sids by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/LQV2jyke4JOXS3h2qNIxXrpIQ_U
Reviewed revision 05 (document currently at 06)
Result Has issues
Completed 2024-02-05
review-ietf-6man-sids-05-secdir-telechat-dunbar-2024-02-05-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last-call comments.

Summary: the document compares the SRv6 SIDs and the IPv6 addresses.

It would be very helpful to add the following explanation to the Security
Consideration section: - From the Security perspective, is it beneficial to
have some mechanism to detect Man-in-the-middle that tamper with the SIDs list
in the SRH?

Can you add some explanation for the following in Section 3?
-There are lots of studies showing that IPv6 packets with Extension Headers
tend to be dropped in the network. Does it happen to IPv6 packets with SRH?

- If IPv6 addresses not compliant with the requirements set forth in RFC4291
get forwarded without error, why do we need the requirements of RFC4291?

Thank you very much,

Linda Dunbar