Last Call Review of draft-ietf-ospf-af-alt-
review-ietf-ospf-af-alt-secdir-lc-laganier-2009-10-22-00

Request Review of draft-ietf-ospf-af-alt
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-10-14
Requested 2009-09-30
Authors Michael Barnes, Sina Mirtorabi, Rahul Aggarwal, Abhay Roy, Acee Lindem
Draft last updated 2009-10-22
Completed reviews Secdir Last Call review of -?? by Julien Laganier
Assignment Reviewer Julien Laganier
State Completed
Review review-ietf-ospf-af-alt-secdir-lc-laganier-2009-10-22
Review completed: 2009-10-22

Review

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies a mechanism for supporting multiple address families (e.g., multicast IPv6, unicast IPv4, and multicast IPv4) in OSPFv3 using multiple instances of the protocol. An address family is mapped to an OSPFv3 instance via the Instance ID field included in the OSPFv3 header.

The security considerations section seems adequate in pointing to existing OSPFv3 specifications since this extension does not seem to introduce additional security issues compared to that of basic OSPFv3, and the fact that the multiple instances supporting different address families will have to share the same IPsec SAs when IPsec is used to protect OSPFv3 (due to the absence of a traffic selector operating on the Instance ID field of the OSPFv3 header) is acknowledged.

Small typo in the sec-cons: s/IPsec [IPsec]. can/IPsec [IPsec] can/

--julien
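
An added illustration, not part of the review or the draft: the Instance ID is read from the OSPFv3 header and mapped to an address family, while the fields an IPsec traffic selector can match stay identical for every instance on the link. It assumes the Instance ID ranges assigned in RFC 5838 (the published form of this draft) and the 16-byte header layout of RFC 5340; the helper names and sample addresses are constructed for the example.

```python
import struct

# OSPFv3 common header (RFC 5340): version, type, packet length,
# router ID, area ID, checksum, Instance ID, reserved = 16 bytes.
OSPFV3_HDR = struct.Struct("!BBHIIHBB")
OSPF_IP_PROTO = 89  # IP protocol number for OSPF

# Instance ID ranges per address family, as assigned in RFC 5838.
AF_RANGES = [
    (0, 31, "IPv6 unicast"),
    (32, 63, "IPv6 multicast"),
    (64, 95, "IPv4 unicast"),
    (96, 127, "IPv4 multicast"),
    (128, 255, "unassigned"),
]

def make_header(instance_id, router_id=0x0A000001):
    """Constructed sample: a header-only OSPFv3 Hello (type 1), checksum left 0."""
    return OSPFV3_HDR.pack(3, 1, OSPFV3_HDR.size, router_id, 0, 0, instance_id, 0)

def instance_id_of(packet):
    """Return the Instance ID from an OSPFv3 packet, rejecting bad input."""
    if len(packet) < OSPFV3_HDR.size:
        raise ValueError("truncated OSPFv3 header")
    version, _, _, _, _, _, instance_id, _ = OSPFV3_HDR.unpack_from(packet)
    if version != 3:
        raise ValueError("not an OSPFv3 packet")
    return instance_id

def address_family(instance_id):
    for low, high, name in AF_RANGES:
        if low <= instance_id <= high:
            return name
    raise ValueError("Instance ID must fit in one octet")

def ipsec_selector(src, dst):
    """What an IPsec traffic selector can match for OSPFv3: addresses and
    next-layer protocol. OSPF has no ports, and the Instance ID is payload."""
    return (src, dst, OSPF_IP_PROTO)

if __name__ == "__main__":
    src, dst = "fe80::1", "ff02::5"  # constructed link-local source, AllSPFRouters
    for inst in (0, 64):
        pkt = make_header(inst)
        print(inst, address_family(instance_id_of(pkt)), ipsec_selector(src, dst))
```

Both instances print the same selector tuple, which is why they end up protected by the same SA.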