Last Call Review of draft-ietf-mpls-spring-lsp-ping-11
review-ietf-mpls-spring-lsp-ping-11-secdir-lc-farrell-2017-10-06-00

Request Review of draft-ietf-mpls-spring-lsp-ping
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-10-06
Requested 2017-09-22
Authors Nagendra Kumar, Carlos Pignataro, George Swallow, Nobo Akiya, Sriganesh Kini, Mach Chen
Draft last updated 2017-10-06
Completed reviews Rtgdir Early review of -06 by Tony Przygienda (diff)
Rtgdir Last Call review of -06 by Sasha Vainshtein (diff)
Secdir Last Call review of -11 by Stephen Farrell (diff)
Genart Last Call review of -11 by Wassim Haddad (diff)
Assignment Reviewer Stephen Farrell
State Completed
Review review-ietf-mpls-spring-lsp-ping-11-secdir-lc-farrell-2017-10-06
Reviewed rev. 11 (document currently at 13)
Review result Ready
Review completed: 2017-10-06

Review
review-ietf-mpls-spring-lsp-ping-11-secdir-lc-farrell-2017-10-06

Hiya,

The document describes yet another variant of ping and traceroute for 
MPLS, which is fine. The security considerations text is probably right
in saying there's no big delta here vs. RFC 8029.

I do have one query:

The "protocol" field in the requests here seems like it's maybe a new
thing, that wasn't in 8029 (or at least wasn't clearly there from my
fairly uninformed read:-). That's defined as:

      Set to 1, if the Responder MUST perform FEC validation using OSPF
      as IGP protocol.  Set to 2, if the Responder MUST perform Egress
      FEC validation using ISIS as IGP protocol.

I don't know what's required for those validation steps, nor if there's 
any chance that doing such validation could form a new DoS vector,
or if it could (interestingly) affect the interpretation of the information 
in the responses (say if validation can affect response timing in some
weird way), so this is just to check if there's anything more to be said
about that. I assume the authors' answer will be that implementers
of this will know what validation means here, that it's no big deal as
a DoS vector and that the timing effects are not a problem. If so,
that's probably fine, but it might be good to verify that.

Cheers,
S.