Telechat Review of draft-ietf-mpls-ldp-hello-crypto-auth-08
review-ietf-mpls-ldp-hello-crypto-auth-08-opsdir-telechat-dunbar-2014-06-11-00

Request Review of draft-ietf-mpls-ldp-hello-crypto-auth
Requested rev. no specific revision (document currently at 10)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2014-06-10
Requested 2014-06-11
Draft last updated 2014-06-11
Completed reviews Genart Last Call review of -05 by Vijay Gurbani (diff)
Secdir Last Call review of -05 by Yaron Sheffer (diff)
Opsdir Telechat review of -08 by Linda Dunbar (diff)
Assignment Reviewer Linda Dunbar
State Completed
Review review-ietf-mpls-ldp-hello-crypto-auth-08-opsdir-telechat-dunbar-2014-06-11
Reviewed rev. 08 (document currently at 10)
Review result Ready
Review completed: 2014-06-11

Review
review-ietf-mpls-ldp-hello-crypto-auth-08-opsdir-telechat-dunbar-2014-06-11






As OpArea Directorate, I was asked to review the draft-mpls-ldp-hello-crypto-auth-08.





The authors have made good changes to address the comments that I give to draft-mpls-ldp-hello-crypto-auth-05.





 




No further comments anymore. 




 




Linda Dunbar




 




 




 




 










From:

 Linda Dunbar





Sent:

 Friday, May 23, 2014 10:53 AM




To:

 Operations Directorate; 'draft-mpls-ldp-hello-crypto-auth.all at tools.ietf.org'; ops-ads at tools.ietf.org




Subject:

 comments to draft-mpls-ldp-hello-crypto-auth-05










 




As OpArea Directorate, I was asked to review the draft-mpls-ldp-hello-crypto-auth-05. Here are my comments:




 




I think the draft is written very clear. The algorithm described is pretty straight forward. Just a few comments:




 




Page 3 states that “filtering using access lists requires LSR resource”.  But I see the authentication process for the proposed Security TLV may consume more LSR resource.





 







 




I suggest having a paragraph to compare the LSR resource consumed by using access lists with the LSR resource consumed by the proposed Authentication.





Alternatively, change the wording to simply say that “Filtering using access lists are NOT effective because it can’t prevent IP-address spoofing”.





 




 




Linda