Last Call Review of draft-ietf-sfc-nsh-integrity-04
review-ietf-sfc-nsh-integrity-04-secdir-lc-hanna-2021-03-14-00
Request | Review of | draft-ietf-sfc-nsh-integrity |
---|---|---|
Requested revision | No specific revision (document currently at 09) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2021-03-12 | |
Requested | 2021-02-18 | |
Requested by | Joel M. Halpern | |
Authors | Mohamed Boucadair , Tirumaleswar Reddy.K , Dan Wing | |
I-D last updated | 2021-03-14 | |
Completed reviews |
Secdir Early review of -01
by Steve Hanna
(diff)
Secdir Last Call review of -04 by Steve Hanna (diff) Opsdir Last Call review of -05 by Jürgen Schönwälder (diff) Tsvart Last Call review of -06 by Dr. Joseph D. Touch (diff) |
|
Comments |
Given that this is a security document, and has just completed WG last call, it seems appropriate to ask for a revised security review to make sure we have not missed anything while we get a Document Shepherd writeup put together. Thank you. |
|
Assignment | Reviewer | Steve Hanna |
State | Completed | |
Request | Last Call review on draft-ietf-sfc-nsh-integrity by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/4y0kVwWAMv_bZirzCaz1RAGZ2rU | |
Reviewed revision | 04 (document currently at 09) | |
Result | Ready | |
Completed | 2021-03-14 |
review-ietf-sfc-nsh-integrity-04-secdir-lc-hanna-2021-03-14-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document adds integrity and optional encryption of sensitive metadata directly to the Network Service Header (NSH) protocol defined in RFC 8300, thus reducing or eliminating several attack vectors against Service Function Chaining (SFC). The document is well written and seems adequate for the goals articulated here and elsewhere in the SFC document suite. All of the issues, questions, and nits that I raised in my earlier secdir review (https://datatracker.ietf.org/doc/review-ietf-sfc-nsh-integrity-01-secdir-early-hanna-2020-12-24) have been well addressed in draft-ietf-sfc-nsh-integrity-04. From my perspective (as a security expert who has not previously worked with SFC), this latest version of that document seems to address all relevant security issues in an appropriate manner. I have no remaining concerns regarding this document and support its approval.