Last Call Review of draft-ietf-bier-oam-requirements-12
review-ietf-bier-oam-requirements-12-secdir-lc-leiba-2023-08-09-00

Request Review of draft-ietf-bier-oam-requirements
Requested revision No specific revision (document currently at 21)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-08-31
Requested 2023-07-28
Requested by Tony Przygienda
Authors Greg Mirsky , Nagendra Kumar Nainar , Mach Chen , Santosh Pallagatti
I-D last updated 2026-06-26 (Latest revision 2025-11-23)
Completed reviews Opsdir IETF Last Call review of -13 by Gyan Mishra (diff)
Secdir IETF Last Call review of -12 by Barry Leiba (diff)
Genart IETF Last Call review of -18 by Dale R. Worley (diff)
Tsvart IETF Last Call review of -18 by Wesley Eddy (diff)
Rtgdir IETF Last Call review of -18 by Toerless Eckert (diff)
Assignment Reviewer Barry Leiba
State Completed
Request IETF Last Call review on draft-ietf-bier-oam-requirements by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/qWU_3ePC3YfDkp7wcRD_3PJihuI
Reviewed revision 12 (document currently at 21)
Result Has issues
Completed 2023-08-09
review-ietf-bier-oam-requirements-12-secdir-lc-leiba-2023-08-09-00
The only comment I have from a security standpoint is that the Security
Considerations seem basically absent, saying no more than "Nothing to see
here."  That's common and easy to say, but I expected some explanation of how
the requirements specified in the document are needed to ensure a robust and
secure BIER system.  I wouldn't expect pages of text, but I'm surprised to see
nothing at all.  Is it really the case that an OAM system for BIER would do
nothing to enhance security, nothing to alert us to BIER-specific attacks?