Last Call Review of draft-ietf-mpls-tp-aps-updates-03
review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16-00

Request Review of draft-ietf-mpls-tp-aps-updates
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-05-19
Requested 2017-05-05
Draft last updated 2017-05-16
Completed reviews Rtgdir Last Call review of -02 by Russ White (diff)
Opsdir Last Call review of -03 by Jürgen Schönwälder (diff)
Genart Last Call review of -03 by Roni Even (diff)
Secdir Last Call review of -03 by Christian Huitema (diff)
Assignment Reviewer Christian Huitema
State Completed
Review review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16
Reviewed rev. 03 (document currently at 04)
Review result Ready
Review completed: 2017-05-16

Review
review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document is: Ready.

This document, draft-ietf-mpls-tp-aps-updates-03, describes a set of fixes to the MPLS Transport Profile (MPLS-TP) Linear Protection defined in RFC 6378. Linear Protection is meant to provide rapid and simple protection switching. MPLS-TP allows end-points in a "protected domain" to coordinate when the traffic shall be sent on the normal path, or switched to the pre-established protection path. The protocol was updated in RFC 7271. The current document updates RFC 7271. It adds a better definition for the initialization of the protocol state, and defines a limited set of changes in the state machine. 

The security sections states that "No specific security issue is raised in addition to those ones already documented in [RFC7271].  It may be noted that tightening the description of initializing behavior may help to protect networks from re-start attack." I agree with that assessment.