Last Call Review of draft-ietf-teas-te-express-path-03
review-ietf-teas-te-express-path-03-secdir-lc-huitema-2015-10-01-00
| Section | Field | Value |
|---|---|---|
| Request | Review of | draft-ietf-teas-te-express-path |
| | Requested revision | No specific revision (document currently at 05) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2015-09-29 |
| | Requested | 2015-09-17 |
| | Authors | Alia Atlas, John Drake, Spencer Giacalone, Stefano Previdi |
| | I-D last updated | 2015-10-01 |
| | Completed reviews | Genart Last Call review of -03 by Robert Sparks; Genart Telechat review of -03 by Robert Sparks; Secdir Last Call review of -03 by Christian Huitema; Opsdir Last Call review of -03 by Susan Hares |
| Assignment | Reviewer | Christian Huitema |
| | State | Completed |
| | Request | Last Call review on draft-ietf-teas-te-express-path by Security Area Directorate Assigned |
| | Reviewed revision | 03 (document currently at 05) |
| | Result | Ready |
| | Completed | 2015-10-01 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is ready for publication as an informational RFC.

Draft-ietf-teas-te-express-path provides considerations on the use of performance criteria such as delay, loss and jitter when performing path selection when using routing protocols IS-IS or OSPF. The document warns developers against using poor criteria and causing oscillation. It provides guidance on the handling of paths whose measured criteria have changed.

The security section states that “This document is not currently believed to introduce new security concerns.” Well, I currently believe that the authors may be correct about that. The only potential attack that I can think of would involve subtle manipulations of the criteria measurements in order to induce path oscillations. Such an attack scenario does not feel very realistic or very serious. In any case that would not be a “new” attack due to this specific draft, but rather an existing attack on IS-IS or OSPF.

-- Christian Huitema