Hi,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving security requirements
and considerations in IETF drafts.  Comments not addressed in the last call
may be included in AD reviews during the IESG review.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

Reviewer: Tirumaleswar Reddy
Review result: Ready with Nits

Summary: The document describes a set of LinkType values used in PCAP capture file
formats and creates an IANA registry for those values.

Nits and comments below:

1.  While the text already covers buffer overreads due to truncated
captures, I suggest broadening that to mention unbounded copies, where
unverified length fields or captured lengths are used directly in memory
allocations. Implementations will have to bound allocation sizes based on
the actual buffer length and defined protocol limits.

2. Implementations will have to handle unknown/not-registered LinkType
values.

3. LinkType metadata can reveal deployment details.  For example, the
presence of LINKTYPE_IEEE802_11 indicates wireless capture, while
vendor-specific LinkTypes (e.g., LINKTYPE_JUNIPER_ATM1) disclose equipment
type. When capture files are shared outside the organization, network
administrators will have to review and, if necessary, anonymize LinkType
values and related metadata to avoid leaking information about network
topology and network vendor details.

Best Regards,
-Tiru
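
Points 1 and 2 of the review, sketched as an added example that is not part of the review or of the draft: a reader that rejects LinkType values it has no handler for and bounds the captured length before it reaches an allocation or a copy. The function names, the `MAX_SNAPLEN` cap, the choice of supported LinkTypes and the restriction to little-endian, microsecond-resolution files are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SNAPLEN 262144u  /* assumed local policy cap, not from the draft */
enum { PCAP_OK, PCAP_TRUNCATED, PCAP_BAD_MAGIC, PCAP_BAD_LENGTH,
       PCAP_UNKNOWN_LINKTYPE, PCAP_NOMEM };

/* Constructed sample: 24-byte file header, one 16-byte record header, 4 bytes. */
const uint8_t sample_pcap[44] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, /* magic, v2.4, zone, sigfigs */
    0x00,0x00,0x04,0x00, 1,0,0,0,        /* snaplen 262144, LINKTYPE_ETHERNET */
    0,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef }; /* ts, caplen, origlen, data */

static uint32_t rd32le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the file header; unknown or unsupported LinkTypes are rejected. */
int pcap_check_header(const uint8_t *buf, size_t len, uint32_t *snaplen, uint32_t *lt) {
    if (len < 24) return PCAP_TRUNCATED;
    if (rd32le(buf) != 0xa1b2c3d4u) return PCAP_BAD_MAGIC;
    *snaplen = rd32le(buf + 16);
    *lt = rd32le(buf + 20) & 0xffffu;    /* LinkType is in the low 16 bits */
    if (*snaplen > MAX_SNAPLEN) return PCAP_BAD_LENGTH;
    if (*lt != 1 /* LINKTYPE_ETHERNET */ && *lt != 105 /* LINKTYPE_IEEE802_11 */)
        return PCAP_UNKNOWN_LINKTYPE;
    return PCAP_OK;
}

/* Copy one record; caplen is bounded by snaplen and by the bytes present. */
int pcap_copy_record(const uint8_t *buf, size_t len, size_t off, uint32_t snaplen,
                     uint8_t **out, uint32_t *out_len) {
    if (off > len || len - off < 16) return PCAP_TRUNCATED;
    uint32_t caplen = rd32le(buf + off + 8);
    if (caplen > snaplen) return PCAP_BAD_LENGTH;        /* before any allocation */
    if (caplen > len - off - 16) return PCAP_TRUNCATED;  /* before any copy */
    uint8_t *p = malloc(caplen ? caplen : 1);
    if (p == NULL) return PCAP_NOMEM;
    memcpy(p, buf + off + 16, caplen);
    *out = p; *out_len = caplen;
    return PCAP_OK;
}

int main(void) {
    uint32_t snaplen, lt, n; uint8_t *p;
    if (pcap_check_header(sample_pcap, sizeof sample_pcap, &snaplen, &lt)) return 1;
    if (pcap_copy_record(sample_pcap, sizeof sample_pcap, 24, snaplen, &p, &n)) return 1;
    free(p);
    return 0;
}
```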