Last Call Review of draft-ietf-teas-te-express-path-03

Request Review of draft-ietf-teas-te-express-path
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-09-29
Requested 2015-09-17
Authors Alia Atlas, John Drake, Spencer Giacalone, Stefano Previdi
Draft last updated 2015-10-01
Completed reviews Genart Last Call review of -03 by Robert Sparks
Genart Telechat review of -03 by Robert Sparks
Secdir Last Call review of -03 by Christian Huitema
Opsdir Last Call review of -03 by Susan Hares
Assignment Reviewer Christian Huitema 
State Completed
Review review-ietf-teas-te-express-path-03-secdir-lc-huitema-2015-10-01
Reviewed rev. 03 (document currently at 05)
Review result Ready
Review completed: 2015-10-01


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.


This document is ready for publication as an informational RFC.


Draft-ietf-teas-te-express-path provides considerations on the use of performance criteria such as delay, loss and jitter when performing path selection with the routing protocols IS-IS or OSPF. The document warns developers against using poor criteria and causing oscillation. It provides guidance on the handling of paths whose measured criteria have changed.


The security section states that “This document is not currently believed to introduce new security concerns.” Well, I currently believe that the authors may be correct about that. The only potential attack that I can think of would involve subtle manipulations of the criteria measurements in order to induce path oscillations. Such an attack scenario does not feel very realistic or very serious. In any case that would not be a “new” attack due to this specific draft, but rather an existing attack on IS-IS or OSPF.


-- Christian Huitema
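An added illustration of the oscillation concern raised above; this is not code from the draft or from the reviewer. It assumes a simple two-path selector driven by measured delay and shows that re-selecting on every raw sample flips paths on noise (or on subtly manipulated measurements), while requiring a minimum improvement margin before switching, one form of the damping the reviewer alludes to, does not. The margin value and the delay samples are constructed for the example.

```python
from typing import Dict, List, Optional


class PathSelector:
    """Chooses the lowest-delay path from a set of measured delays.

    switch_margin_ms == 0 reproduces a naive selector that moves to any path
    that measures lower, however slightly. A positive margin is a hysteresis
    threshold (an assumed mechanism, not one prescribed by the draft): the
    selector only abandons its current path when another path beats it by
    more than the margin, so small noise or small manipulations cannot
    toggle the selection.
    """

    def __init__(self, switch_margin_ms: float = 0.0) -> None:
        self.switch_margin_ms = switch_margin_ms
        self.current: Optional[str] = None
        self.switches = 0

    def observe(self, delays_ms: Dict[str, float]) -> str:
        best = min(delays_ms, key=delays_ms.__getitem__)
        if self.current is None:
            self.current = best
        elif best != self.current:
            improvement = delays_ms[self.current] - delays_ms[best]
            if improvement > self.switch_margin_ms:
                self.current = best
                self.switches += 1
        return self.current


def count_switches(samples: List[Dict[str, float]], margin_ms: float) -> int:
    """Feed a measurement series to a selector; return how often it re-routed."""
    selector = PathSelector(switch_margin_ms=margin_ms)
    for sample in samples:
        selector.observe(sample)
    return selector.switches


# Constructed measurement series: paths A and B have nearly equal delay and
# a 0.3 ms wobble on A makes the "lowest" path alternate on every sample.
SAMPLES = [{"A": 10.0 + (0.3 if i % 2 else 0.0), "B": 10.2} for i in range(10)]

if __name__ == "__main__":
    print("naive selector switches:", count_switches(SAMPLES, 0.0))    # 9
    print("0.5 ms margin switches: ", count_switches(SAMPLES, 0.5))    # 0
```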