Last Call Review of draft-ietf-mpls-tp-aps-updates-03
review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16-00

Request Review of draft-ietf-mpls-tp-aps-updates
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-05-19
Requested 2017-05-05
Other Reviews Rtgdir Last Call review of -02 by Russ White (diff)
Opsdir Last Call review of -03 by Jürgen Schönwälder (diff)
Genart Last Call review of -03 by Roni Even (diff)
Review State Completed
Reviewer Christian Huitema
Review review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16
Posted at https://mailarchive.ietf.org/arch/msg/secdir/6Tcpbaegx_LWwJPNvJAKdfw6tsw
Reviewed rev. 03 (document currently at 04)
Review result Ready
Draft last updated 2017-05-16
Review closed: 2017-05-16

Review
review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document is: Ready.

This document, draft-ietf-mpls-tp-aps-updates-03, describes a set of fixes to the MPLS Transport Profile (MPLS-TP) Linear Protection defined in RFC 6378. Linear Protection is meant to provide rapid and simple protection switching. MPLS-TP allows end-points in a "protected domain" to coordinate when the traffic shall be sent on the normal path, or switched to the pre-established protection path. The protocol was updated in RFC 7271. The current document updates RFC 7271. It adds a better definition for the initialization of the protocol state, and defines a limited set of changes in the state machine. 

The security sections states that "No specific security issue is raised in addition to those ones already documented in [RFC7271].  It may be noted that tightening the description of initializing behavior may help to protect networks from re-start attack." I agree with that assessment.