On Wed, Aug 21, 2019 at 8:07 AM Acee Lindem (acee) <a...@cisco.com> wrote:
> Hi. Kathleen,
>
> On 8/21/19, 7:42 AM, "Kathleen Moriarty via Datatracker" <nore...@ietf.org> wrote:
>
>     Reviewer: Kathleen Moriarty
>     Review result: Has Nits
>
>     I apologize for the very late review. I see you are already working on Roman's
>     discuss, so perhaps this nit could be addressed still.
>
>     In the security considerations section, the following text is included:
>
>        As such, no new
>        security threats are introduced beyond the considerations in OSPFv2
>        [RFC2328], OSPFv3 [RFC5340], and [RFC5786].
>
>     However, new considerations follow and as such, the above statement isn't
>     entirely accurate. I do agree that no security is provided in these protocols,
>     and that is not new, but new information is exposed. Perhaps saying additional
>     considerations follow would be better than saying "no new security threats are
>     introduced".
>
> As document shepherd and LSR WG Co-Chair, I disagree. There is no new
> information exposed. This draft simply enables the TE endpoints from both
> IPv4 and IPv6 to be advertised in either OSPFv2 or OSPFv3 rather than
> relegating advertisement of IPv4 TE information to OSPFv2 and IPv6 TE
> information to OSPFv3. If anything, it improves security by reducing the
> surface area for attacks to a single protocol rather than both protocols.
>

I won't fight it and it is really too late, but I dislike the sentence especially when used on a protocol with no security properties. If someone doesn't realize the current state and overall lack of security, this sentence doesn't help.

Best regards,
Kathleen

> Thanks,
> Acee
>
>     Thank you,
>     Kathleen
>

--
Best regards,
Kathleen
_______________________________________________
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr