Last Call Review of draft-ietf-mpls-tp-aps-updates-03
review-ietf-mpls-tp-aps-updates-03-secdir-lc-huitema-2017-05-16-00

Request
  Review of: draft-ietf-mpls-tp-aps-updates
  Requested revision: No specific revision (document currently at 04)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2017-05-19
  Requested: 2017-05-05
  Authors: Jeong-dong Ryoo, Taesik Cheung, Huub van Helvoort, Italo Busi, Guangjuan Weng
  I-D last updated: 2017-05-16
  Completed reviews:
    Rtgdir Last Call review of -02 by Russ White
    Opsdir Last Call review of -03 by Jürgen Schönwälder
    Genart Last Call review of -03 by Roni Even
    Secdir Last Call review of -03 by Christian Huitema

Assignment
  Reviewer: Christian Huitema
  State: Completed
  Request: Last Call review on draft-ietf-mpls-tp-aps-updates by Security Area Directorate Assigned
  Reviewed revision: 03 (document currently at 04)
  Result: Ready
  Completed: 2017-05-16
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is: Ready.

This document, draft-ietf-mpls-tp-aps-updates-03, describes a set of fixes to
the MPLS Transport Profile (MPLS-TP) Linear Protection defined in RFC 6378.
Linear Protection is meant to provide rapid and simple protection switching.
MPLS-TP allows end-points in a "protected domain" to coordinate when the
traffic shall be sent on the normal path, or switched to the pre-established
protection path. The protocol was updated in RFC 7271. The current document
updates RFC 7271. It adds a better definition for the initialization of the
protocol state, and defines a limited set of changes in the state machine.

The security section states that "No specific security issue is raised in
addition to those ones already documented in [RFC7271].  It may be noted that
tightening the description of initializing behavior may help to protect
networks from re-start attack." I agree with that assessment.