Last Call Review of draft-ietf-rtgwg-ipfrr-notvia-addresses-10
review-ietf-rtgwg-ipfrr-notvia-addresses-10-secdir-lc-sheffer-2013-02-07-00

Request Review of draft-ietf-rtgwg-ipfrr-notvia-addresses
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-02-05
Requested 2013-01-25
Authors Stewart Bryant , Stefano Previdi , Mike Shand
I-D last updated 2013-02-07
Completed reviews Genart Last Call review of -10 by Suresh Krishnan (diff)
Secdir Last Call review of -10 by Yaron Sheffer (diff)
Assignment Reviewer Yaron Sheffer
State Completed
Request Last Call review on draft-ietf-rtgwg-ipfrr-notvia-addresses by Security Area Directorate Assigned
Reviewed revision 10 (document currently at 11)
Result Ready
Completed 2013-02-07
review-ietf-rtgwg-ipfrr-notvia-addresses-10-secdir-lc-sheffer-2013-02-07-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.



This document describes a method to protect a network from router/link 


failures by encapsulating packets in an envelope that denotes what nodes 


it should *not* be routed through. This is not a protocol definition 


(despite a few stray MUSTs), it is only an informational summary of 


design issues and a framework.




Summary

The document is good to go. In fact, a SecDir review is not applicable.

Details



The document does contain a Security Considerations section that goes 


through 3 potential security issues. But since the document in general 


is a high-level discussion, it is impossible to analyze whether all 


pertinent security issues are covered. If the not-via mechanism is ever 


specified as a protocol, the security analysis will need to be done from 


scratch.




Thanks,
     Yaron