Last Call Review of draft-ietf-bess-evpn-irb-mcast-08
review-ietf-bess-evpn-irb-mcast-08-secdir-lc-reddyk-2022-12-24-00

Request Review of draft-ietf-bess-evpn-irb-mcast-07
Requested revision 07 (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-07-08
Requested 2022-06-24
Requested by Andrew Alston
Authors Wen Lin , Zhaohui (Jeffrey) Zhang , John Drake , Eric C. Rosen , Jorge Rabadan , Ali Sajassi
I-D last updated 2022-12-24
Completed reviews Intdir Telechat review of -09 by Brian Haberman (diff)
Genart Last Call review of -09 by Stewart Bryant (diff)
Secdir Last Call review of -08 by Tirumaleswar Reddy.K (diff)
Rtgdir Last Call review of -07 by Acee Lindem (diff)
Comments
Requesting security and routing area directorate reviews on this one before I push it into last call.
Assignment Reviewer Tirumaleswar Reddy.K
State Completed
Request Last Call review on draft-ietf-bess-evpn-irb-mcast by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/zlDd4iZNapCokLzDKOqA45pEQJo
Reviewed revision 08 (document currently at 11)
Result Has issues
Completed 2022-12-20
Hi,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving security requirements
and considerations in IETF drafts.  Comments not addressed in the last call
may be included in AD reviews during the IESG review.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

Reviewer: Tirumaleswar Reddy
Review result:  Ready with issues

Summary:

The document covers the procedure for multicast advertisement and
forwarding among BDs.
I don't see any major security issues presented in the security
considerations, and I have the following comments:

   This document uses protocols and procedures defined in the normative
   references, and inherits the security considerations of those
   references.

Comment> I suggest adding more details to how the security considerations
in the normative references are applicable to this draft.

   Incorrect addition, removal, or modification of those
   flags and/or ECs will cause the procedures defined herein to
   malfunction, in which case loss or diversion of data traffic is
   possible.

Comment> The above text discusses the attacks but not possible
mitigations. Please add more details on how the above attack can be
prevented.

Cheers,
-Tiru