Last Call Review of draft-ietf-ospf-dynamic-hostname-
review-ietf-ospf-dynamic-hostname-secdir-lc-weiler-2009-07-02-00

Request Review of draft-ietf-ospf-dynamic-hostname
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-06-30
Requested 2009-06-05
Authors Subbaiah Venkata, Sanjay, Carlos Pignataro, Danny McPherson
Draft last updated 2009-07-02
Completed reviews Secdir Last Call review of -?? by Samuel Weiler
Assignment Reviewer Samuel Weiler 
State Completed
Review review-ietf-ospf-dynamic-hostname-secdir-lc-weiler-2009-07-02
Review completed: 2009-07-02

Review
review-ietf-ospf-dynamic-hostname-secdir-lc-weiler-2009-07-02

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the 


IESG. These comments were written primarily for the benefit of the 


security area directors.  Document editors and WG chairs should treat 


these comments just like any other last call comments.







The dynamic hostname TLV is an optional in-band mechanism to provide 


human-friendly symbolic names that map to router IDs.






The security considerations section 1) encourages the use of OSPF 


authentication and 2) calls out the grand fun possible if a 


misconfigured or compromised router sends bad mappings.  While that's 


probably less fun than could be had from just sending bad routing 


data, it adds an extra level of complexity to the debugging when these 


new symbolic names, as shown in config and debugging tools, don't 


match the expected router IDs.  But I'm not sure anything more really 


needs to be said here.






Resource exhaustion, as raised by Robert Sparks, looks to be a 


possibility, but I could go either way on whether it's worth adding 


words about it specifically -- do we need to call out the potential 


for resource exhaustion for every field in every protocol?




I'd let the doc go as-is.

-- Sam