Last Call Review of draft-ietf-karp-ospf-analysis-05

Request Review of draft-ietf-karp-ospf-analysis
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2012-10-17
Requested 2012-10-04
Authors Sam Hartman, Dacheng Zhang
Draft last updated 2012-11-05
Completed reviews Genart Last Call review of -05 by Elwyn Davies (diff)
Genart Telechat review of -?? by Elwyn Davies
Secdir Last Call review of -05 by Shawn Emery (diff)
Assignment Reviewer Elwyn Davies 
State Completed
Review review-ietf-karp-ospf-analysis-05-genart-lc-davies-2012-11-05
Reviewed rev. 05 (document currently at 06)
Review result Ready with Issues
Review completed: 2012-11-05


I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at


Please resolve these comments along with any other Last Call comments
you may receive. (Sorry it is rather late).

Document: draft-ietf-karp-ospf-analysis-05
Reviewer: Elwyn Davies
Review Date: 5 November 2012
IETF LC End Date: 2012-10-17
IESG Telechat date: (if known) -

Summary: Almost ready.  Just a couple of minor nits.

Major issues:

Minor issues:

Nits/editorial comments:
> RFC 4552 [RFC4552] describes how the authentication header and
>    encapsulating security payload mechanism can be used to protect
>    OSPFv3 packets.
I guess this piece ought to say that AH, ESP, SPI etc come out of IPsec
and give a reference a bit earlier in the section - IPsec is mentioned
but no reference given in the 2nd para of the section.

s3, para 1: 
>    As discussed, neither version of OSPF meets the requirements of
>    inter-connection or intra-connection replay protection.
Neither of the discussions above mention the phrases 'inter-connection'
or 'intra-connection'.  For OSPFv3 this is implicit because 'no replay
protection is provided'.  For OSPFv2 it would be desirable to explain
how the problems outlined in s2.1 relate to these terms. 
s3, para 4: The first two sentences contain the phrase 
'a number of attacks that are possible because of a per-packet replay.'
Ther sentences can be easily combined

s3, para 5:
>    Unfortunately, OSPFv2 does
>    not have a procedure for dealing with sequence numbers reaching the
>    maximum age.
Is 'age' the correct term here?  'maximum value' perhaps?