On Wed, Aug 21, 2019 at 8:07 AM Acee Lindem (acee) wrote:
> Hi Kathleen,
>
> On 8/21/19, 7:42 AM, "Kathleen Moriarty via Datatracker" <
> nore...@ietf.org> wrote:
>
> Reviewer: Kathleen Moriarty
> Review result: Has Nits
>
> I apologize for the very late review. I see you are already working
> on Roman's
> discuss, so perhaps this nit could be addressed still.
>
> In the security considerations section, the following text is included:
>
> As such, no new
> security threats are introduced beyond the considerations in OSPFv2
> [RFC2328], OSPFv3 [RFC5340], and [RFC5786].
>
> However, new considerations follow and as such, the above statement
> isn't
> entirely accurate. I do agree that no security is provided in these
> protocols,
> and that is not new, but new information is exposed. Perhaps saying
> additional
> considerations follow would be better than saying "no new security
> threats are
> introduced".
>
> As document shepherd and LSR WG Co-Chair, I disagree. There is no new
> information exposed. This draft simply enables the TE endpoints from both
> IPv4 and IPv6 to be advertised in either OSPFv2 or OSPFv3 rather than
> relegating advertisement of IPv4 TE information to OSPFv2 and IPv6 TE
> information to OSPFv3. If anything, it improves security by reducing the
> surface area for attacks to a single protocol rather than both protocols.
>
I won't fight it and it is really too late, but I dislike the sentence
especially when used on a protocol with no security properties. If someone
doesn't realize the current state and overall lack of security, this
sentence doesn't help.

Best regards,
Kathleen
> Thanks,
> Acee
>
> Thank you,
> Kathleen
--
Best regards,
Kathleen