Last Call Review of draft-ietf-bier-oam-requirements-12
review-ietf-bier-oam-requirements-12-secdir-lc-leiba-2023-08-09-00
| Request | Review of | draft-ietf-bier-oam-requirements |
|---|---|---|
| Requested revision | No specific revision (document currently at 15) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2023-08-31 | |
| Requested | 2023-07-28 | |
| Requested by | Tony Przygienda | |
| Authors | Greg Mirsky , Nagendra Kumar Nainar , Mach Chen , Santosh Pallagatti | |
| I-D last updated | 2023-08-09 | |
| Completed reviews |
Opsdir Last Call review of -13
by Gyan Mishra
(diff)
Secdir Last Call review of -12 by Barry Leiba (diff) |
|
| Assignment | Reviewer | Barry Leiba |
| State | Completed | |
| Request | Last Call review on draft-ietf-bier-oam-requirements by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/qWU_3ePC3YfDkp7wcRD_3PJihuI | |
| Reviewed revision | 12 (document currently at 15) | |
| Result | Has issues | |
| Completed | 2023-08-09 |
review-ietf-bier-oam-requirements-12-secdir-lc-leiba-2023-08-09-00
The only comment I have from a security standpoint is that the Security Considerations seem basically absent, saying no more than "Nothing to see here." That's common and easy to say, but I expected some explanation of how the requirements specified in the document are needed to ensure a robust and secure BIER system. I wouldn't expect pages of text, but I'm surprised to see nothing at all. Is it really the case that an OAM system for BIER would do nothing to enhance security, nothing to alert us to BIER-specific attacks?