Skip to main content

Last Call Review of draft-ietf-ippm-stamp-on-lag-05
review-ietf-ippm-stamp-on-lag-05-secdir-lc-cam-winget-2023-12-11-00

Request Review of draft-ietf-ippm-stamp-on-lag
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-11-01
Requested 2023-10-18
Authors Zhenqiang Li , Tianran Zhou , Guo Jun , Greg Mirsky , Rakesh Gandhi
I-D last updated 2023-12-11
Completed reviews Intdir Telechat review of -05 by Haoyu Song (diff)
Intdir Telechat review of -05 by Antoine Fressancourt (diff)
Secdir Last Call review of -05 by Nancy Cam-Winget (diff)
Assignment Reviewer Nancy Cam-Winget
State Completed
Request Last Call review on draft-ietf-ippm-stamp-on-lag by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/5mDx2JGX5y9FHAMKUJXJrW8YtMk
Reviewed revision 05 (document currently at 06)
Result Has issues
Completed 2023-12-11
review-ietf-ippm-stamp-on-lag-05-secdir-lc-cam-winget-2023-12-11-00
I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.


This document defines an extension to the Simple Two-Way Active 
Measurement Protocol (STAMP) to facilitate performance measurement
on every member link of a tag.  As such, the proposed extension is
to define a Micro-session identifier and a Session-Reflector member
link identifier.

Issue:
As this draft is now exposing identifiers to the actual nodes in 
the link, there must be inclusions that describe the potential exposure
of these nodes given their identifiers are now explicitly communicated.
RFC 8762 only addresses the integrity not the confidentiality of the
information disclosed which with the session identifier now needs
to be considered.  In addition, privacy considerations describing
the potential consequences of this disclosure can lead to.