Last Call Review of draft-ietf-pce-rfc7150bis-01

Request Review of draft-ietf-pce-rfc7150bis
Requested revision No specific revision (document currently at 01)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-12-24
Requested 2014-12-11
Authors Fatai Zhang, Adrian Farrel
I-D last updated 2015-01-02
Completed reviews Genart Last Call review of -01 by Peter E. Yee
Secdir Last Call review of -01 by Phillip Hallam-Baker
Assignment Reviewer Phillip Hallam-Baker
State Completed
Review review-ietf-pce-rfc7150bis-01-secdir-lc-hallam-baker-2015-01-02
Reviewed revision 01
Result Ready
Completed 2015-01-02
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call

The document is making an essentially syntactic modification to an existing
specification so that the suite of specifications applies a uniform approach to
extension syntax.

As such, the proposal does not raise new security concerns beyond the normal
concerns raised by syntax.

One concern that is raised is the risk of attack through construction of an
attribute with a Tag-Length-Value such that the specified length is invalid,
being either negative (in signed arithmetic) or greater than the size of the
enclosing construct.

While both concerns can be avoided through appropriate coding techniques, a
note to remind implementers that caution is required is appropriate.
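
The two length checks named in the review, as an added example that is not part of the review or of the draft. The TLV layout (16-bit type, 16-bit value length, big-endian, value padded to 4 bytes), the function name tlv_count_valid and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (illustrative): 16-bit type, 16-bit length of the value in
 * bytes, both big-endian; the value is padded to a 4-byte boundary. */
#define TLV_HDR 4u

/* Constructed samples: two well-formed TLVs; a length larger than the
 * enclosure; a length (0xFFFC) that reads as -4 in signed 16-bit arithmetic. */
const uint8_t sample_ok[] = {0,1,0,4, 1,2,3,4, 0,2,0,2, 0xAA,0xBB,0,0};
const uint8_t sample_overrun[] = {0,1,0,16, 1,2,3,4};
const uint8_t sample_negative[] = {0,1,0xFF,0xFC, 1,2,3,4};

/* Returns the number of TLVs in buf[0..enclosing_len), or -1 as soon as a
 * header is truncated or a declared length does not fit in the enclosure. */
int tlv_count_valid(const uint8_t *buf, size_t enclosing_len)
{
    size_t off = 0;
    int count = 0;

    while (off < enclosing_len) {
        size_t remaining = enclosing_len - off;
        if (remaining < TLV_HDR)
            return -1;                       /* truncated header */

        /* Keep the length unsigned: stored in a signed 16-bit variable,
         * 0x8000 and above turn negative and pass a "len > limit" test. */
        uint16_t len = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        size_t padded = ((size_t)len + 3u) & ~(size_t)3u;

        /* Compare with what is left instead of computing off + len, so the
         * check itself cannot wrap around. */
        if (padded > remaining - TLV_HDR)
            return -1;                       /* value overruns the enclosure */

        off += TLV_HDR + padded;
        count++;
    }
    return count;
}

int main(void)
{
    return !(tlv_count_valid(sample_ok, sizeof sample_ok) == 2 &&
             tlv_count_valid(sample_overrun, sizeof sample_overrun) == -1 &&
             tlv_count_valid(sample_negative, sizeof sample_negative) == -1);
}
```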