Last Call Review of draft-ietf-teas-rfc3272bis-24
review-ietf-teas-rfc3272bis-24-secdir-lc-emery-2023-07-08-00
| Request | Review of | draft-ietf-teas-rfc3272bis |
|---|---|---|
| Requested revision | No specific revision (document currently at 27) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2023-07-11 | |
| Requested | 2023-06-27 | |
| Authors | Adrian Farrel | |
| I-D last updated | 2023-07-08 | |
| Completed reviews |
Secdir Last Call review of -24
by Shawn M Emery
(diff)
Artart Last Call review of -24 by Rich Salz (diff) Genart Last Call review of -24 by Behcet Sarikaya (diff) Tsvart Last Call review of -24 by Bob Briscoe (diff) Intdir Telechat review of -24 by Brian Haberman (diff) Rtgdir Early review of -21 by John Drake (diff) |
|
| Assignment | Reviewer | Shawn M Emery |
| State | Completed | |
| Request | Last Call review on draft-ietf-teas-rfc3272bis by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/QFnasdcL5mfrVBfTuyiH18urHZs | |
| Reviewed revision | 24 (document currently at 27) | |
| Result | Has nits | |
| Completed | 2023-07-08 |
review-ietf-teas-rfc3272bis-24-secdir-lc-emery-2023-07-08-00
This informational track draft provides an up-to-date description of common Internet traffic engineering concepts from the original RFC which was published in 2002. The security considerations section does exit and states that this draft doesn't introduce any new security issues, which I agree. The section discusses the implications of when an attacker does compromise the control and management protocols of TE networks. This could lead to the adversary diverting traffic to nodes controlled by the attacker, in which case the privacy of the transmitted data can be compromised. The traffic could also be sent to the wrong place or slower network in order to perform a DoS of the affected traffic. The document doesn't prescribe mitigating steps for said attacks. I find this appropriate given the intent of this draft, which is to describe a compilation of protocols. General comments: A well written and comprehensive document, however I mainly focused on the changes from RFC 3272 to this draft. Thank you for Appendix A. Editorial comments: s/example operating/example of operating/ s/Exampls/Examples/ s/netrok/network/ s/conforma/conforms/ s/determination of/determined by/ s/is conformed with for/conforms with/ s/enters a/enters/