Last Call Review of draft-ietf-pwe3-pw-typed-wc-fec-
review-ietf-pwe3-pw-typed-wc-fec-secdir-lc-orman-2012-03-16-00

Security review of draft-ietf-pwe3-pw-typed-wc-fec-03.txt

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

The abstract:
   The "Typed Wildcard Forwarding Equivalence Class (FEC) Element" 
   defines an extension to the Label Distribution Protocol (LDP) that 
   can be used when it is desired to request or withdraw or release all 
   label bindings for a given FEC Element type.  However, a typed 
   wildcard FEC element must be individually defined for each FEC 
   element type.  This specification defines the typed wildcard FEC 
   elements for the PWid (0x80) and Generalized PWid (0x81) FEC element 
   types. 

In doing an SR for a WC semantic one has to be mindful of the overall
ops SC.  The TM might be insider MW or external DDoS.  In this case,
the chances for semantic ambiguity and resulting misconfiguration
could be significant, or not.  Users should invest in an RA before
accepting these types.

The sec5's of all predecessor documents have sufficient handwaving
to cover the basic ideas of this draft.  See my earlier review of
draft-ietf-pwe3-segmented-pw-13.txt.

Hilarie