Last Call Review of draft-ietf-mboned-multicast-telemetry-09
review-ietf-mboned-multicast-telemetry-09-secdir-lc-montville-2024-05-20-00

Request Review of draft-ietf-mboned-multicast-telemetry
Requested revision No specific revision (document currently at 12)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-05-22
Requested 2024-05-08
Authors Haoyu Song , Mike McBride , Greg Mirsky , Gyan Mishra , Hitoshi Asaeda , Tianran Zhou
I-D last updated 2024-08-27 (Latest revision 2024-06-25)
Completed reviews Genart IETF Last Call review of -09 by Roni Even (diff)
Secdir IETF Last Call review of -09 by Adam W. Montville (diff)
Tsvart IETF Last Call review of -09 by Dr. Bernard D. Aboba (diff)
Assignment Reviewer Adam W. Montville
State Completed
Request IETF Last Call review on draft-ietf-mboned-multicast-telemetry by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/D2TIcQfV6qYRxfDR4dzG13Btlqc
Reviewed revision 09 (document currently at 12)
Result Ready
Completed 2024-05-20
review-ietf-mboned-multicast-telemetry-09-secdir-lc-montville-2024-05-20-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

I believe this document is ready.

The security considerations section refers to RFC9197 and RFC9326 for complete
treatment of packet amplification, integrity, and covert channel risks. The
last half of the security considerations paragraph does allude to a multicast
tree configuration preference that would be better as a non-option (strictly
from a security perspective - why allow a non-/less-secure state at all if you
can avoid it?). But, I don't know enough about the challenges of achieving
and/or enforcing that configuration option.