Last Call Review of draft-ietf-mpls-gach-adv-06
review-ietf-mpls-gach-adv-06-secdir-lc-johansson-2013-02-21-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

The technology is somewhat outside my area of expertise but I found
the document relatively easy to follow anyway.

I'm a fan of writing crypto-related algorithms with very little left 
for the imagination of the reader. To that end I would strongly suggest 
specifying what goes into the GAP message hash even more clearly. 

In this case I suspect the intent is that the inner hash is over all 
bytes of GAP message except the GAP authentication TLV which is added 
to the message _after_ the hash is computed.

Conversely the validation phase needs to clearly say what bits of the
message are to be included in computing the hash.

Also I would change the timestamp verification step to use normative
language, eg: "... the receiver MUST, upon successfully authenticating
a message verify that the timestamp field corresponds... The receiver 
MUST silently discard a GAP message that fails timestamp verification."