Last Call Review of draft-ietf-teas-p2mp-loose-path-reopt-08
review-ietf-teas-p2mp-loose-path-reopt-08-secdir-lc-johansson-2017-02-16-00

Reviewer: Leif Johansson
Review result: Minor issues

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The draft describes a way to handle groupings of large sets of sub-
LSPs in a P2MP GMPLS setup for the purpose of traffic engineering
(re-)optimization by introducing the concept of "fragment identifiers"

Let me state up front that the topic is outside my normal area of
expertise. My only question is this: could an attacker fake messages
that would (to the receiver ingress node) appear to be part of a
fragmented group of sub-LSPs so as to trigger a full re-computation
of the tree? The text in the last but one paragraph of 4.2 would
seem to suggest that this attack is a possibility. At "worst" this
would be a denial-of-service attack but it should perhaps be addressed
in the security considerations section anyway.
	
	Cheers Leif