Last Call Review of draft-ietf-bfd-seamless-base-08
review-ietf-bfd-seamless-base-08-secdir-lc-emery-2016-05-05-00

Request Review of draft-ietf-bfd-seamless-base
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-05-03
Requested 2016-03-23
Authors Carlos Pignataro, David Ward, Nobo Akiya, Manav Bhatia, Santosh Pallagatti
I-D last updated 2016-05-05
Completed reviews Genart Last Call review of -08 by Dan Romascanu (diff)
Genart Telechat review of -09 by Dan Romascanu (diff)
Secdir Last Call review of -08 by Shawn M Emery (diff)
Opsdir Last Call review of -08 by Victor Kuarsingh (diff)
Assignment Reviewer Shawn M Emery
State Completed
Request Last Call review on draft-ietf-bfd-seamless-base by Security Area Directorate Assigned
Reviewed revision 08 (document currently at 11)
Result Has nits
Completed 2016-05-05
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a version of Bidirectional Forwarding Detection (BFD) that
allows for better efficiencies in provisioning and path monitoring of network
node infrastructure.

The security considerations section does exist and asserts that the security
considerations that pertain to the base BFD protocol, RFC 5880, also apply
to this protocol.  The section continues with guidance on authenticating data,
replay, and DoS avoidance, specific to this protocol.  I agree with most of the
recommendations outlined and assertions presented in this section.  5880 is
forthcoming with the various vulnerabilities/limitations of the base protocol.
However, the draft does not cover the case where an attacker impersonates the
SBFDInitiator, but does cover the SBFDReflector scenario.

General comments:

None.

Editorial comments:

s/Once above setup/Once the above setup/
s/it can quickly/can quickly/
s/and IS-IS will advertises/and IS-IS advertises/
s/then response S-BFD/then a response S-BFD/
s/allocated a same/allocated the same/
s/Remainder of this/The remainder of this/
s/for above suggestions/for the suggestions above/
s/that discriminator/that the discriminator/
s/for a same/for the same/
s/is to have following/has the following/
... I stopped after this.  Please have someone review the rest of the draft for
grammar.  It will be hard to read w/o these updates.

Shawn.
--