Last Call Review of draft-ietf-ospf-security-extension-manual-keying-09
review-ietf-ospf-security-extension-manual-keying-09-secdir-lc-cooley-2014-10-28-00

Request Review of draft-ietf-ospf-security-extension-manual-keying
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-10-28
Requested 2014-10-09
Draft last updated 2014-10-28
Completed reviews Genart Last Call review of -09 by Suresh Krishnan (diff)
Genart Last Call review of -11 by Suresh Krishnan
Secdir Last Call review of -09 by Shaun Cooley (diff)
Opsdir Last Call review of -09 by Linda Dunbar (diff)
Assignment Reviewer Shaun Cooley
State Completed
Review review-ietf-ospf-security-extension-manual-keying-09-secdir-lc-cooley-2014-10-28
Reviewed rev. 09 (document currently at 11)
Review result Ready
Review completed: 2014-10-28

Review

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document addresses both inter-session and intra-session replay attacks when using manual keying for OSPFv2 by changing the sequence numbers to be 64-bit, with the most significant 32 bits being a boot count and the least significant 32 bits being an increasing sequence number. The document also changes the Apad constant to match the source address of the IP header in order to extend authenticated data to prevent source address spoofing.

The document was well written and I very much appreciated the redline style approach to the draft.
I consider this document ready for publication.
-Shaun
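
The sequence number layout summarized in the review, as an added example that is not part of the review or the draft: it compares a 32-bit counter that restarts with the router against the 64-bit boot-count form when old-session packets are replayed. All names are hypothetical, and the strictly-increasing acceptance rule and the persistent boot count are assumptions of this sketch.

```python
# Added illustration; names are hypothetical. The MAC is not modelled: with a
# manual (static) key, captured packets still verify after a restart.
MASK32 = 0xFFFFFFFF

def seq64(boot_count, seq32):
    """Boot count in the most significant 32 bits, sequence number in the rest."""
    return ((boot_count & MASK32) << 32) | (seq32 & MASK32)

class Sender:
    def __init__(self, extended):
        self.extended = extended
        self.boot_count = 0   # assumed to survive restarts (non-volatile)
        self.seq = 0          # volatile, lost on restart

    def restart(self):
        self.boot_count += 1
        self.seq = 0

    def next_seq(self):
        self.seq += 1
        return seq64(self.boot_count, self.seq) if self.extended else self.seq

class Receiver:
    def __init__(self):
        self.last = None      # highest sequence accepted from this neighbor

    def neighbor_down(self):
        self.last = None      # adjacency state is discarded

    def accept(self, seq):
        # Assumed rule: accept only strictly increasing values.
        if self.last is not None and seq <= self.last:
            return False
        self.last = seq
        return True

def replayed_accepted(extended, packets=5):
    """Count old-session packets accepted when replayed into a new session."""
    tx, rx = Sender(extended), Receiver()
    captured = [tx.next_seq() for _ in range(packets)]   # constructed capture
    assert all(rx.accept(s) for s in captured)
    assert not rx.accept(captured[-1])                    # intra-session replay
    tx.restart()
    rx.neighbor_down()
    assert rx.accept(tx.next_seq())                       # new session begins
    return sum(rx.accept(s) for s in captured)            # inter-session replay
```

With the 32-bit counter the new session starts below the captured values, so most of the replayed packets are accepted; with the boot count in the upper half every old-session value compares lower than the first packet of the new session.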