Last Call Review of draft-ietf-mpls-return-path-specified-lsp-ping-12
review-ietf-mpls-return-path-specified-lsp-ping-12-secdir-lc-hoffman-2013-08-29-00
| Request | Review of | draft-ietf-mpls-return-path-specified-lsp-ping |
|---|---|---|
| Requested revision | No specific revision (document currently at 15) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2013-09-04 | |
| Requested | 2013-08-22 | |
| Authors | Mach Chen , Wei Cao , Ning So , Frederic JOUNAY , Simon DeLord | |
| I-D last updated | 2020-01-21 (Latest revision 2013-10-21) | |
| Completed reviews |
Genart IETF Last Call review of -12
by Roni Even
(diff)
Genart Telechat review of -13 by Roni Even (diff) Secdir IETF Last Call review of -12 by Paul E. Hoffman (diff) |
|
| Assignment | Reviewer | Paul E. Hoffman |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-mpls-return-path-specified-lsp-ping by Security Area Directorate Assigned | |
| Reviewed revision | 12 (document currently at 15) | |
| Result | Ready | |
| Completed | 2013-08-29 |
review-ietf-mpls-return-path-specified-lsp-ping-12-secdir-lc-hoffman-2013-08-29-00
This document defines a set of extensions to MPLS to allow the failure detection mode (basically, a ping) to know which path to use in the reply. Given that MPLS is a protocol that is only run between gateways that fully trust each other, there are not many security considerations for such an extensions. The entire Security Considerations section reads: Security considerations discussed in [RFC4379] apply to this document. In addition to that, in order to prevent using the extension defined in this document for "proxying" any possible attacks, the return path LSP MUST have destination to the same node where the forward path is from. That actually seems sufficient, given that the underlying protocol is not meant to have any non-administrative security features. --Paul Hoffman