Early Review of draft-ietf-bfd-large-packets-11
review-ietf-bfd-large-packets-11-secdir-early-salowey-2024-06-07-00
| Request | Review of | draft-ietf-bfd-large-packets-07 |
|---|---|---|
| Requested revision | 07 (document currently at 16) | |
| Type | Early Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2024-06-07 | |
| Requested | 2024-05-10 | |
| Requested by | Reshad Rahman | |
| Authors | Jeffrey Haas , Albert Fu | |
| I-D last updated | 2025-04-04 (Latest revision 2025-01-15) | |
| Completed reviews |
Yangdoctors IETF Last Call review of -07
by Jürgen Schönwälder
(diff)
Secdir Early review of -11 by Joseph A. Salowey (diff) Genart IETF Last Call review of -13 by Dan Romascanu (diff) Secdir IETF Last Call review of -14 by Joseph A. Salowey (diff) Tsvart IETF Last Call review of -14 by Brian Trammell (diff) |
|
| Comments |
Hi, Going through WGLC right now. I'd like to get an early review from secdir. Regards, Reshad. |
|
| Assignment | Reviewer | Joseph A. Salowey |
| State | Completed | |
| Request | Early review on draft-ietf-bfd-large-packets by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/BawXxx8OVCOuTDt517A6Tm8s48A | |
| Reviewed revision | 11 (document currently at 16) | |
| Result | Has issues | |
| Completed | 2024-06-07 |
review-ietf-bfd-large-packets-11-secdir-early-salowey-2024-06-07-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is the document has minor issue. The document is well written and fairly simple. Referencing the previous security considerations does provide some good advice, but it seems that this document perhaps adds some considerations about the size of BPDU packets. It seems that it would be possible for excessively large packets could cause problems for the sender or receiver. Perhaps add something to the security considerations about: Implementations should consider this and set appropriate upper bounds on amount of padding added to these messages and on the length of received messages.