Last Call Review of draft-ietf-karp-ospf-analysis-05
review-ietf-karp-ospf-analysis-05-secdir-lc-emery-2012-11-18-00
Request | Review of | draft-ietf-karp-ospf-analysis |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2012-11-13 | |
Requested | 2012-10-04 | |
Authors | Sam Hartman, Dacheng Zhang | |
I-D last updated | 2012-11-18 | |
Completed reviews | Genart Last Call review of -05 by Elwyn B. Davies; Genart Telechat review of -?? by Elwyn B. Davies; Secdir Last Call review of -05 by Shawn M Emery | |
Assignment | Reviewer | Shawn M Emery |
State | Completed | |
Request | Last Call review on draft-ietf-karp-ospf-analysis by Security Area Directorate Assigned | |
Reviewed revision | 05 (document currently at 06) | |
Result | Ready | |
Completed | 2012-11-18 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This informational draft describes security issues associated with manual keying in OSPF. The draft then provides guidance to counter these security threats.

The security considerations section does exist and reiterates what is discussed in the main document, given that this is essentially a security draft. The security points discussed deal with replay, protecting routing data, and DoS attacks. For the former two the draft suggests the use of digital signatures as described in RFC2154. In regards to the latter, the draft proposes a solution utilizing RFC5082. I believe the guidance given does not yield any security concerns and would be an improvement over the existing OSPF protocol.

General comments: None.

Editorial comments:

s/RFC 2154 [RFC2154] provides/[RFC 2154] provides/

Shawn.