Last Call Review of draft-ietf-bfd-seamless-base-08
review-ietf-bfd-seamless-base-08-secdir-lc-emery-2016-05-05-00

Request
Review of: draft-ietf-bfd-seamless-base
Requested rev.: no specific revision (document currently at 11)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-05-03
Requested: 2016-03-23
Draft last updated: 2016-05-05
Completed reviews:
Genart Last Call review of -08 by Dan Romascanu
Genart Telechat review of -09 by Dan Romascanu
Secdir Last Call review of -08 by Shawn Emery
Opsdir Last Call review of -08 by Victor Kuarsingh

Assignment
Reviewer: Shawn Emery
State: Completed
Review: review-ietf-bfd-seamless-base-08-secdir-lc-emery-2016-05-05
Reviewed rev.: 08 (document currently at 11)
Review result: Has Nits
Review completed: 2016-05-05

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a version of Bidirectional Forwarding Detection (BFD) that
allows for better efficiencies in provisioning and path monitoring of network
node infrastructure.

The security considerations section does exist and asserts that the security
considerations that pertain to the base BFD protocol, RFC 5880, also apply
to this protocol.  The section continues with guidance on authenticating data,
replay, and DoS avoidance, specific to this protocol.  I agree with most of the
recommendations outlined and assertions presented in this section.  5880 is
forthcoming with the various vulnerabilities/limitations of the base protocol.
However, the draft does not cover the case where an attacker impersonates the
SBFDInitiator, but does cover the SBFDReflector scenario.

General comments:

None.

Editorial comments:

s/Once above setup/Once the above setup/
s/it can quickly/can quickly/
s/and IS-IS will advertises/and IS-IS advertises/
s/then response S-BFD/then a response S-BFD/
s/allocated a same/allocated the same/
s/Remainder of this/The remainder of this/
s/for above suggestions/for the suggestions above/
s/that discriminator/that the discriminator/
s/for a same/for the same/
s/is to have following/has the following/
... I stopped after this.  Please have someone review the rest of the draft for
grammar.  It will be hard to read w/o these updates.

Shawn.