Early Review of draft-ietf-manet-dlep-traffic-classification-12
review-ietf-manet-dlep-traffic-classification-12-secdir-early-emery-2024-08-10-00

Request Review of draft-ietf-manet-dlep-traffic-classification
Requested revision No specific revision (document currently at 13)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2024-08-13
Requested 2024-07-23
Requested by Jim Guichard
Authors Bow-Nan Cheng, David Wiggins, Lou Berger, Don Fedyk
I-D last updated 2024-08-10
Completed reviews Tsvart Early review of -06 by David L. Black (diff)
Opsdir Early review of -12 by Tina Tsou (Ting ZOU) (diff)
Rtgdir Early review of -12 by Darren Dukes (diff)
Secdir Early review of -12 by Shawn M Emery (diff)
Genart Last Call review of -12 by Stewart Bryant (diff)
Assignment Reviewer Shawn M Emery
State Completed
Request Early review on draft-ietf-manet-dlep-traffic-classification by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/YmUZiOaEfvWasXe0OprjCk_O1NU
Reviewed revision 12 (document currently at 13)
Result Has nits
Completed 2024-08-10
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This standards track draft specifies a protocol for identifying various link
control messages utilized by the Dynamic Link Exchange Protocol (DLEP).

The security considerations section does exist and discloses that the protocol
opens up vulnerabilities for DoS by modifying or injecting protocol messages
(e.g., decrease the max window size to an unrealistically small value).  The
mitigation of said vulnerabilities is deferred to RFC 8175's security
considerations, which prescribes TLS for transport security and provides
IEEE-802.1AE and IEEE-802.1X as examples to protect Layer 2 from injecting or
altering messages.  I believe this to be an accurate assertion.

General comments:

In order to help me fully understand the concepts of this protocol I think it
would be nice to have examples for DSCP and PCP Sub-Data Items.

Editorial comments:

s/DLPE/DLEP/