Last Call Review of draft-ietf-mpls-self-ping-04
review-ietf-mpls-self-ping-04-secdir-lc-johansson-2015-10-15-00
| Request | Review of | draft-ietf-mpls-self-ping |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2015-10-13 | |
| Requested | 2015-09-24 | |
| Authors | Ron Bonica , Ina Minei , Michael Conn , Dante Pacella , Luis Tomotaki | |
| I-D last updated | 2015-10-15 | |
| Completed reviews |
Genart Last Call review of -04
by Russ Housley
(diff)
Secdir Last Call review of -04 by Leif Johansson (diff) Opsdir Last Call review of -04 by Bert Wijnen (diff) Rtgdir Early review of -04 by John Drake (diff) |
|
| Assignment | Reviewer | Leif Johansson |
| State | Completed | |
| Request | Last Call review on draft-ietf-mpls-self-ping by Security Area Directorate Assigned | |
| Reviewed revision | 04 (document currently at 06) | |
| Result | Has issues | |
| Completed | 2015-10-15 |
review-ietf-mpls-self-ping-04-secdir-lc-johansson-2015-10-15-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments that arrive in timely manner, and not significantly belated. First of all - pls apologize for being very late with this review! The field is also well outside my area of expertise which may make my review moot. My one comment is that the Security Considerations section identifies the Session-ID as sensitive and sais that implementations SHOULD NOT be assigned in a predictable manner. Given the security implications of Session-ID forgery (also clearly stated in the SC section) it might be worth recommending the use of a CSPRNG to generate the Session-IDs I'm curious about how this is done in implementations today though... Cheers Leif