Early Review of draft-zheng-mpls-ldp-hello-crypto-auth-
As requested I have done an early review this document as part of the
security directorate's ongoing efforts.
There are no big problems with this draft but I have some medium,
small, and tiny comments below.
Suggest removing the last sentence of Section 4.1 and adding to end
of the first sentence of the second paragraph of the Security
Considerations section something like ", and proper key handling.
For example, unencrypted keys MUST NOT be exposed to adversaries
through inclusion in unencyrpted Hellos or other messages."
The draft is worded in such a way as to imply that only an "HMAC
hash" would ever be used for authentication. It would seem better
to word things so as just to say that a Message Authentication Code
(MAC) will be calculated and verified. Then, somewhat separately,
say that the MAC algorithms currently specified for this use are
only HMACs based on the SHA family of hash algorithms. For example,
in the second paragraph of 4.1, replace "HMAC Hash" with "MAC" and
make other appropriate wording changes.
Section 4.1, second paragraph, suggest replaceing "current
authentication key" with "authentication key to be used".
Section 4.2, 2nd paragraph, suggest replacing "configured
authentication key" with "authentication key known to the
receiver". There might, in the future, be some mechanism to
neogitate a key rather than always having it configured.
In Security Considerations, suggest adding a reference after
"random values" to [RFC4086].
Suggest adding a reference to [RFC6234].
There should be postal addresses and phone numbers with the
Authors' Addresses information.
Last paragraph of Security Considerations, "represents a
significant increase in" -> "significantly increases".
There seems to be this empty "8.2 References" section between the
Normative References and Informative References Sections. It should
I really suggest striking both occurance of the word "really" in
I'm not sure all of Section 3 is needed, since it seems to me that
lots of it is duplicated from referenced documents...
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3 at gmail.com