Last Call Review of draft-ietf-rtgwg-ipfrr-notvia-addresses-10
review-ietf-rtgwg-ipfrr-notvia-addresses-10-secdir-lc-sheffer-2013-02-07-00

Request Review of draft-ietf-rtgwg-ipfrr-notvia-addresses
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-02-05
Requested 2013-01-25
Authors Stewart Bryant, Stefano Previdi, Mike Shand
Draft last updated 2013-02-07
Completed reviews Genart Last Call review of -10 by Suresh Krishnan (diff)
Secdir Last Call review of -10 by Yaron Sheffer (diff)
Assignment Reviewer Yaron Sheffer
State Completed
Review review-ietf-rtgwg-ipfrr-notvia-addresses-10-secdir-lc-sheffer-2013-02-07
Reviewed rev. 10 (document currently at 11)
Review result Ready
Review completed: 2013-02-07

Review
review-ietf-rtgwg-ipfrr-notvia-addresses-10-secdir-lc-sheffer-2013-02-07

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.



This document describes a method to protect a network from router/link 


failures by encapsulating packets in an envelope that denotes what nodes 


it should *not* be routed through. This is not a protocol definition 


(despite a few stray MUSTs), it is only an informational summary of 


design issues and a framework.




Summary

The document is good to go. In fact, a SecDir review is not applicable.

Details



The document does contain a Security Considerations section that goes 


through 3 potential security issues. But since the document in general 


is a high-level discussion, it is impossible to analyze whether all 


pertinent security issues are covered. If the not-via mechanism is ever 


specified as a protocol, the security analysis will need to be done from 


scratch.




Thanks,
     Yaron