Last Call Review of draft-ietf-teas-rsvp-egress-protection-09
review-ietf-teas-rsvp-egress-protection-09-secdir-lc-shekh-yusef-2018-02-20-00

Request Review of draft-ietf-teas-rsvp-egress-protection
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-02-27
Requested 2018-02-13
Authors Huaimo Chen, Autumn Liu, Tarek Saad, Fengman Xu, Lu Huang
Draft last updated 2018-02-20
Completed reviews Rtgdir Last Call review of -09 by Russ White (diff)
Genart Last Call review of -09 by Stewart Bryant (diff)
Secdir Last Call review of -09 by Rifaat Shekh-Yusef (diff)
Secdir Telechat review of -13 by Rifaat Shekh-Yusef (diff)
Genart Telechat review of -14 by Stewart Bryant (diff)
Assignment Reviewer Rifaat Shekh-Yusef 
State Completed
Review review-ietf-teas-rsvp-egress-protection-09-secdir-lc-shekh-yusef-2018-02-20
Reviewed rev. 09 (document currently at 16)
Review result Has Issues
Review completed: 2018-02-20

Review
review-ietf-teas-rsvp-egress-protection-09-secdir-lc-shekh-yusef-2018-02-20

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

   "A backup egress MUST be configured on the ingress of an LSP to
   protect a primary egress of the LSP if and only if the backup egress
   is not indicated in another place."

Can you define "another place"? Is it the "primary egress"? others?
 

   "To protect a primary egress of an LSP, a backup egress MUST be
   configured on the primary egress of the LSP to protect the primary
   egress if and only if the backup egress is not indicated in another
   place."   

Can you define "another place"? Is it the "ingress"? others?
   

   "Note that protecting a primary egress of a P2P LSP carrying service
   traffic through a backup egress requires that the backup egress trust
   the primary egress for the information received for a service label
   as UA label."
   
Can you elaborate on this statement? 
How would the backup egress trust the primary egress?

Regards,
 Rifaat