Last Call Review of draft-ietf-sfc-nsh-tlv-08
review-ietf-sfc-nsh-tlv-08-secdir-lc-kaufman-2021-10-08-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

Summary: No security issues

This document specifies a syntax only and therefore has no security
considerations. The security considerations section points to the RFC8300 for
security considerations of the protocol in which these messages are used.

General comments:

I found no nits with the document.

Section 3 of the document repeats information from RFC8300 but in less detail.
I assume that's to set context and is non-normative. It omits important details
like processing of the "U" fields. Neither document says what to do on format
violations (e.g., Length=0).

I would have expected Section 4 to say what to do with format violations. For
example, if the Length is not the value the spec says it has to be, should the
length be ignored, or the extension be ignored, or the entire packet be
discarded. What if the sum of the lengths of the extensions exceeds the length
(in four octet groups) specified in the outer header?

This is common in specifications and does not lead to problems until someone
tries to extend the protocol later and discovers divergent behavior in
implementations. (Sadly, that's often true even if the specification does
define correct behavior because implementations often don't follow the
specifications, but you have to start somewhere).