Last Call Review of draft-ietf-bess-mvpn-mib-10
review-ietf-bess-mvpn-mib-10-secdir-lc-smyslov-2018-08-28-00
Request | Review of | draft-ietf-bess-mvpn-mib |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2018-09-03 | |
Requested | 2018-08-20 | |
Authors | Hiroshi Tsunoda | |
I-D last updated | 2018-08-28 | |
Completed reviews |
Opsdir Last Call review of -10
by Joel Jaeggli
(diff)
Secdir Last Call review of -10 by Valery Smyslov (diff) Genart Last Call review of -10 by David Schinazi (diff) |
|
Assignment | Reviewer | Valery Smyslov |
State | Completed | |
Request | Last Call review on draft-ietf-bess-mvpn-mib by Security Area Directorate Assigned | |
Reviewed revision | 10 (document currently at 12) | |
Result | Has issues | |
Completed | 2018-08-28 |
review-ietf-bess-mvpn-mib-10-secdir-lc-smyslov-2018-08-28-00
Reviewer: Valery Smyslov Review result: Almost Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document provides a MIB module for Level 3 Multicast VPNs. The MIB Module passed a thorough MIB doctor review. The Security Considerations text follows the "Security Guidelines for IETF MIB Modules" (https://trac.ietf.org/trac/ops/wiki/mib-security). In particular, all the objects with read-write access from this MIB module are listed and the possible impact of manipulating their values is described. In addition, readable address-related objects from this MIB module that may reveal the locations of the peers are listed too. My only concern with the Security Considerations is that the latter list lacks mvpnMrouteRtAddr object, which in my opinion should be there, since it's also readable and contains address-related information. I think that once this issue is resolved the document will be ready for publication.