Last Call Review of draft-ietf-opsec-protect-control-plane-
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
Section 3.1 says:
   o  Permit RADIUS authentication and accounting replies from RADIUS
      servers 198.51.100.9, 198.51.100.10, 2001:DB8:100::9, and
      2001:DB8:100::10 that are listening on UDP ports 1645 and 1646.
      Note that this doesn't account for a server using Internet
      Assigned Numbers Authority (IANA) ports 1812 and 1813 for RADIUS.
So, in other words, RADIUS traffic on the ports (officially assigned for
more than ten years now) will be blocked. This seems like a very poor