Skip to main content

Last Call Review of draft-ietf-mpls-return-path-specified-lsp-ping-12
review-ietf-mpls-return-path-specified-lsp-ping-12-secdir-lc-hoffman-2013-08-29-00

Request Review of draft-ietf-mpls-return-path-specified-lsp-ping
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-09-04
Requested 2013-08-22
Authors Mach Chen , Wei Cao , Ning So , Frederic JOUNAY , Simon DeLord
Draft last updated 2013-08-29
Completed reviews Genart Last Call review of -12 by Roni Even (diff)
Genart Telechat review of -13 by Roni Even (diff)
Secdir Last Call review of -12 by Paul E. Hoffman (diff)
Assignment Reviewer Paul E. Hoffman
State Completed
Review review-ietf-mpls-return-path-specified-lsp-ping-12-secdir-lc-hoffman-2013-08-29
Reviewed revision 12 (document currently at 15)
Result Ready
Completed 2013-08-29
review-ietf-mpls-return-path-specified-lsp-ping-12-secdir-lc-hoffman-2013-08-29-00
This document defines a set of extensions to MPLS to allow the failure
detection mode (basically, a ping) to know which path to use in the reply.
Given that MPLS is a protocol that is only run between gateways that fully
trust each other, there are not many security considerations for such an
extensions. The entire Security Considerations section reads:

   Security considerations discussed in [RFC4379] apply to this
   document.  In addition to that, in order to prevent using the
   extension defined in this document for "proxying" any possible
   attacks, the return path LSP MUST have destination to the same node
   where the forward path is from.

That actually seems sufficient, given that the underlying protocol is not meant
to have any non-administrative security features.

--Paul Hoffman