On 05/01/15 21:33, Randy Bush wrote:
and the new lsas could not be used in path shortening attacks,
right?
this document only defines the format of the LSA’s it does not talk
about processing by the routing engines.
so the secdir sees no need to warn about it. got it. </sarcasm>
If secdir is going to warn about it through this process, then surely
the right place to do that is in the comments on the document that
does talk about processing by the routing engines?
a naïve person might think that all documents in a series that have
security implications would be flagged in the security considerations
section.
but i have had my say. let's get back to work.
Yeah, I don't think arguing about it between secdir reviewers
will help us so much:-)
I noted that this had been raised in my ballot ([1] at the end)
and asked if text is needed. Randy - if you have suggested text
that could go in there that'd be good. I'm not clear enough
about the relationship between that attack and this draft to
know what'd be good to be honest.
Cheers,
S.
[1]
https://datatracker.ietf.org/doc/draft-ietf-ospf-te-metric-extensions/ballot/#stephen-farrell
randy