
Early Review of draft-ietf-bier-ping-08
review-ietf-bier-ping-08-secdir-early-mandelberg-2023-04-21-00

Request Review of draft-ietf-bier-ping
Requested revision No specific revision (document currently at 21)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2023-04-28
Requested 2023-04-07
Requested by Tony Przygienda
Authors Nagendra Kumar Nainar, Carlos Pignataro, Mach Chen, Greg Mirsky
I-D last updated 2026-03-30 (Latest revision 2026-03-30)
Completed reviews Intdir Early review of -08 by Brian Haberman (diff)
Secdir Early review of -08 by David Mandelberg (diff)
Rtgdir Early review of -14 by Dhruv Dhody (diff)
Secdir IETF Last Call review of -16 by David Mandelberg (diff)
Tsvart IETF Last Call review of -16 by Marcus Ihlar (diff)
Genart IETF Last Call review of -16 by Roni Even (diff)
Opsdir Telechat review of -16 by Will (Shucheng) LIU (diff)
Intdir Telechat review of -16 by Brian Haberman (diff)
Assignment Reviewer David Mandelberg
State Completed
Request Early review on draft-ietf-bier-ping by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/xM-yWmnlUfoU__yfofbY-QRjGfU
Reviewed revision 08 (document currently at 21)
Result Has nits
Completed 2023-04-21
This mostly looks good, I think.

My only concern is about if/how this could be exploited to DDoS third parties.
It looks like there are a few ways that the responses can be larger than the
requests, either by responders adding additional TLVs, or by multiple
responders responding to the same request. I'm not sure how much of a risk
source address spoofing is in the request's outer header, but it looks like the
Reply-To TLV can be used to send responses to another address anyway,
regardless of the source address. So if this were on the open internet, I'd
expect attackers to abuse it to send lots of data to their targets. But from
the mentions of MPLS, I'm guessing that this is not meant to be used on the
open internet? So it might not be an issue in the environments this is intended
to be deployed in, or there might be some other mitigation.