Hi,

See below some comments.

> On Feb 3, 2016, at 3:14 PM, Brian Haberman <br...@innovationslab.net> wrote:
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> The following is a training review from the Suresh Krishnan (incoming INT
> AD)
> 
> * Section 3.4
> 
> If the intent is to create a new RH type how will the interoperability or
> backward compatibility be possible? Specifically because intermediate
> nodes (that are segment routing hops) that encounter unknown RH types are
> required to drop the packet and send an ICMPv6 Parameter Problem back.


In fact, RFC2460 states that if a node is the destination of a packet with an 
unknown routing header type, it must inspect the “segments_left” field and if 
it's 0, then the RH is ignored (and the packet regularly processed).

Therefore, as you pointed out, it is required and assumed that any intermediate 
segment supports the new RH type described in 
draft-ietf-6man-segment-routing-header.

Still, segment routing allows interoperability with non-SR nodes since only 
segment nodes must be SR capable. 

Text will be added to draft-ietf-6man-segment-routing-header in order to 
clarify this point but I’m not sure if draft-ietf-spring-problem-statement 
should incorporate this level of detail.


> * Security considerations
> 
> In general this document does not talk anything about the security issues
> with IPv6 routing headers and how they would be avoided. e.g. The
> following paper describes an attack.
> 
>   [CanSecWest07]  Biondi, P. and A. Ebalard, "IPv6 Routing Header
>                   Security", CanSecWest Security Conference 2007,
>                   April 2007.
>                   http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
> 
> I think the security considerations are very light and need to be greatly
> improved.


Security aspects of the IPv6 Segment Routing Header are described in section 5 
of draft-ietf-6man-segment-routing-header. 


> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> * Section 2
> 
> This section talks about the Routing header defined in RFC2460 but does
> not mention that the RH0 has been deprecated by RFC5095. Potentially
> worth mentioning draft-ietf-6man-segment-routing-header-00.


SR for IPv6 is implemented through a new type. 

As the problem-statement draft is not supposed to contain any solution 
description, all the aspects of the new routing header type are described in 
draft-ietf-6man-segment-routing-header.

s.
_______________________________________________
spring mailing list
spring@ietf.org
https://www.ietf.org/mailman/listinfo/spring
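
The RFC 2460 (section 4.4) handling of an unrecognized Routing Type that this exchange turns on, as an added example that is not part of the original message or of either draft. The function names, the action labels, the routing type value 4 used as the "new" type, and the treatment of truncated headers are assumptions made for illustration.

```python
import struct

# Offset of the Routing Type octet inside a Routing header (RFC 2460, section 4.4)
ROUTING_TYPE_OFFSET = 2

def build_routing_header(next_header, routing_type, segments_left, data=b"\x00" * 4):
    """Build a constructed Routing header; total length must be a multiple of 8."""
    total = 4 + len(data)
    if total % 8:
        raise ValueError("header length must be a multiple of 8 octets")
    hdr_ext_len = total // 8 - 1  # 8-octet units, not counting the first 8 octets
    return struct.pack("!BBBB", next_header, hdr_ext_len, routing_type, segments_left) + data

def handle_routing_header(hdr, known_types, is_destination, rh_offset=40):
    """Return (action, detail) for one node, following RFC 2460 section 4.4.

    rh_offset is where the Routing header starts in the packet (40 = directly
    after the fixed IPv6 header); it is needed for the ICMPv6 pointer.
    """
    if not is_destination:
        # A node that is not the IPv6 destination does not examine the
        # Routing header, so a non-SR transit node just forwards.
        return ("forward", None)
    if len(hdr) < 4:
        return ("drop", "truncated")  # assumption: defensive handling
    next_header, hdr_ext_len, routing_type, segments_left = struct.unpack("!BBBB", hdr[:4])
    if len(hdr) < (hdr_ext_len + 1) * 8:
        return ("drop", "truncated")  # assumption: defensive handling
    if routing_type in known_types:
        return ("process", routing_type)
    if segments_left == 0:
        # Unrecognized type, nothing left to visit: ignore the header and
        # continue with the header named by Next Header.
        return ("skip_to_next_header", next_header)
    # Unrecognized type with segments left: discard and send ICMPv6
    # Parameter Problem, code 0, pointing at the Routing Type field.
    return ("drop_icmp_param_problem",
            {"code": 0, "pointer": rh_offset + ROUTING_TYPE_OFFSET})
```

Calling it with `is_destination=False` models a plain IPv6 router between two segments; calling it with `is_destination=True` and an empty `known_types` models a segment endpoint that does not implement the new type.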