Last Call Review of draft-ietf-ospf-ospfv3-segment-routing-extensions-16
review-ietf-ospf-ospfv3-segment-routing-extensions-16-secdir-lc-sheffer-2018-11-04-00
Request | Review of | draft-ietf-ospf-ospfv3-segment-routing-extensions |
---|---|---|
Request | Requested revision | No specific revision (document currently at 23) |
Request | Type | Last Call Review |
Request | Team | Security Area Directorate (secdir) |
Request | Deadline | 2018-11-16 |
Request | Requested | 2018-10-23 |
Request | Authors | Peter Psenak, Stefano Previdi |
Request | I-D last updated | 2018-11-04 |
Request | Completed reviews | Genart Telechat review of -19 by Pete Resnick; Genart Last Call review of -18 by Pete Resnick; Secdir Last Call review of -16 by Yaron Sheffer; Rtgdir Last Call review of -17 by Tomonori Takeda; Opsdir Last Call review of -16 by Joe Clarke |
Assignment | Reviewer | Yaron Sheffer |
Assignment | State | Completed |
Assignment | Request | Last Call review on draft-ietf-ospf-ospfv3-segment-routing-extensions by Security Area Directorate (Assigned) |
Assignment | Reviewed revision | 16 (document currently at 23) |
Assignment | Result | Has nits |
Assignment | Completed | 2018-11-04 |
Summary: document has non-security related nits.

Details

* The definition of "segment" is different here from the one used in the architecture RFC. The RFC is more abstract, quoting: A node steers a packet through an ordered list of instructions, called "segments". Whereas here a segment is simply a sub-path. This is confusing to a non-expert, and perhaps indicates a change in the group's thinking.
* SID/Label Sub-TLV: is it Mandatory? If so, please point it out.
* "The SR-Algorithm TLV is optional" - I find this sentence confusing. Maybe replace by "The SR-Algorithm TLV is mandatory for routers that implement segment routing"?
* The reference under "IGP Algorithm Type" registry should be to the IANA registry itself, not to the I-D that defines it. (In particular since the IANA registry has already been established, https://www.iana.org/assignments/igp-parameters/igp-parameters.xhtml#igp-algorithm-types).
* OSPFv3 Extended Prefix Range TLV Flags octet: add the usual incantation about reserved bits.
* In general I agree with the reasoning in the Security Considerations. I would like to raise the question if, in addition to mis-routing, this adds a threat of massive denial-of-service on MPLS endpoints, e.g. by allowing an attacker who has OSPF access to introduce routing loops. (This may be completely bogus, I am far from expert with either of these protocols).