Telechat Review of draft-ietf-mpls-psc-updates-05
review-ietf-mpls-psc-updates-05-secdir-telechat-roca-2014-05-15-00
Request | Review of | draft-ietf-mpls-psc-updates |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2014-05-13 | |
Requested | 2014-05-02 | |
Authors | Eric Osborne | |
I-D last updated | 2014-05-15 | |
Completed reviews |
Genart Telechat review of -05
by Elwyn B. Davies
(diff)
Secdir Telechat review of -05 by Vincent Roca (diff) |
|
Assignment | Reviewer | Vincent Roca |
State | Completed | |
Request | Telechat review on draft-ietf-mpls-psc-updates by Security Area Directorate Assigned | |
Reviewed revision | 05 (document currently at 06) | |
Result | Has issues | |
Completed | 2014-05-15 |
review-ietf-mpls-psc-updates-05-secdir-telechat-roca-2014-05-15-00
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. IMHO, the document is Almost ready. The author claims this document "raise[s] no new security concerns". I think the author is right, however I have two comments: - it's preferable to mention explicitely that RFC 6378 provides the baseline security discussion and that it also applies to the present document. - Making sure an implementation behaves correctly in front of malformed messages is typically something that should be mentioned/discussed in the Security Section. This is the case in section 2.3 "Error handling". Can an attacker through malformed/unexpected messages (e.g., with fuzzing) launch a DoS? I don't suggest to move section 2.3 in the Security Discussion section, but rather to add a sentence in the Security Section explaining that this document in section 2.3 also clarifies how to react in front of malformed/unexpected messages (which is essential from a security point of view). Cheers, Vincent