Hi Yoav,
Thank you for the review. Please find comments inline.
On 6/8/17, 2:47 PM, "Yoav Nir" <ynir(_dot_)ietf(_at_)gmail(_dot_)com> wrote:
Reviewer: Yoav Nir
Review result: Has Nits
I have reviewed this document as part of the security directorate's
ongoing
effort to review all IETF documents being processed by the IESG. These
comments
were written primarily for the benefit of the security area directors.
Document
editors and WG chairs should treat these comments just like any other
last call
comments.
My biggest issue with this document is that it is hard to read. For
example,
the Introduction expands tLDP to "targeted LDP", and the Introduction
begins
with "LDP uses extended discovery...", but LDP itself is only expanded to
"label distribution protocol" in the IANA considerations section.
Updated text as “Recent targeted Label Distribution Protocol (tLDP)
applications .."
Similarly,
the much-overloaded term "application" is never explained except that some
applications are "targeted" and that "FEC 128 pseudowire" is an example
of an
application. I am sure this makes sense to participants of the MPLS
working
group, but to others this is much harder. There needs to be at least a
reference to RFC 5036 where these terms are better explained (RFC 5036 is
referenced but only as the document where tLDP adjacency is described).
Referenced RFC5036 in the second paragraph that introduces the application
keyword.
"Applications [RFC5036] such as Remote LFA and BGP auto discovered…"
Nits:
The Security Considerations section begins with "The Capability procedure
described in this document will apply and does not introduce any change
to LDP
Security Considerations". The procedure will apply what? Or will apply
to
what? I think the words "will apply and" are superfluous.
Correct :) Removed. Now it reads as "The Capability procedure described in
this
document does not introduce any change to.."
The second paragraph seems to be repeating part of the (rather extensive)
security considerations of RFC 5036, but it does not say why (or even
whether)
that particular anti-DoS measure applies in particular to the mechanism
described in this document. IOW why is this measure singled out from
among the
three pages of security considerations from RFC 5036?
This part of security considerations is repeated as it is related to
extended
hellos that are required to establish tLDP session. The mechanism
described in
this document updates tLDP session establishment procedures. The text is
updated
to covey the intention.
The third paragraph is not clear to me. It talks about two nodes not
establishing a tLDP session if they don't support the same application. I
don't
know why that belongs in the security considerations section. The SHOULD
NOT
(establish a session) mandate definitely does not belong there.
Removed the entire line that stated the 'SHOULD NOT part'. Agree, that
text
does not belong here. The third paragraph is added to address Bruno’s
comments
during routing directorate review. The intention is to state clearly - The
Initiating and receiving LSR MUST only advertise TA-Ids that they support.
The updated security paragraph reads as follows -
The Capability procedure described in this document does not
introduce any change to LDP Security Considerations section described
in [RFC5036].
As described in [RFC5036], DoS attacks via Extended Hellos, which are
required to establish a tLDP session, can be addressed by filtering
Extended Hellos using access lists that define addresses with which
Extended Discovery is permitted. Further, as described in section
5.2 of this document, a LSR can employ a policy to accept all auto-
discovered Extended Hellos from the configured source addresses
list.
Also for the two LSRs supporting TAC, the tLDP session is only
established after successful negotiation of the TAC. The initiating
and receiving LSR MUST only advertise TA-Ids that they support. In
other words, what they are configured for over the tLDP session.
Thanks,
Santosh (On behalf of Authors)