Last Call Review of draft-ietf-ospf-security-extension-manual-keying-09
review-ietf-ospf-security-extension-manual-keying-09-secdir-lc-cooley-2014-10-28-00

Request Review of draft-ietf-ospf-security-extension-manual-keying
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-10-28
Requested 2014-10-09
Authors Manav Bhatia , Sam Hartman , Dacheng Zhang , Acee Lindem
I-D last updated 2014-10-28
Completed reviews Genart Last Call review of -09 by Suresh Krishnan (diff)
Genart Last Call review of -11 by Suresh Krishnan
Secdir Last Call review of -09 by Shaun Cooley (diff)
Opsdir Last Call review of -09 by Linda Dunbar (diff)
Assignment Reviewer Shaun Cooley
State Completed
Request Last Call review on draft-ietf-ospf-security-extension-manual-keying by Security Area Directorate Assigned
Reviewed revision 09 (document currently at 11)
Result Ready
Completed 2014-10-28
review-ietf-ospf-security-extension-manual-keying-09-secdir-lc-cooley-2014-10-28-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document
 editors and WG chairs should treat these comments just like any other last
 call comments.



This document addresses both inter-session and intra-session replay attacks
when using manual keying for OSPFv2 by changing the sequence numbers to be
64-bit, with the most significant 32-bits being a boot count and the least
significant
 32-bits to be an increasing sequence number.  The document also changes the
 Apad constant to match the source address of the IP header in order to extend
 authenticated data to prevent source address spoofing.



The document was well written and I very much appreciated the redline style
approach to the draft.



I consider this document ready for publication.



-Shaun