Last Call Review of draft-ietf-bfd-unaffiliated-echo-11
review-ietf-bfd-unaffiliated-echo-11-secdir-lc-farrell-2024-10-07-00

Request Review of draft-ietf-bfd-unaffiliated-echo
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-10-09
Requested 2024-09-25
Authors Weiqiang Cheng, Ruixue Wang, Xiao Min, Reshad Rahman, Raj Chetan Boddireddy
I-D last updated 2024-10-07
Completed reviews Rtgdir Last Call review of -12 by Adrian Farrel (diff)
Intdir Last Call review of -11 by Tim Wicinski (diff)
Genart Last Call review of -12 by Gyan Mishra (diff)
Secdir Last Call review of -11 by Stephen Farrell (diff)
Opsdir Last Call review of -11 by Dhruv Dhody (diff)
Opsdir Telechat review of -12 by Dhruv Dhody (diff)
Tsvart Telechat review of -12 by Brian Trammell (diff)
Secdir Telechat review of -12 by Stephen Farrell (diff)
Assignment Reviewer Stephen Farrell
State Completed
Request Last Call review on draft-ietf-bfd-unaffiliated-echo by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/u_HwDrwJNPTnCjlXhefZ9694bwQ
Reviewed revision 11 (document currently at 14)
Result Has issues
Completed 2024-10-07
I'm not sure if this is a real issue or not. If not, which is quite possible, 
then this'd be ready.

I wondered if this setup might create potential reflection attacks, but am
not sure. The attack might happen if bad-device-A sends packets to B, as if
those are from real-A, and then B sends those back to real-A. If that could
happen, it would seem like a reflection attack vector that could be part of
a DoS. If that can't happen, it might be no harm to say why in the security
considerations section.