FYI

-----Original Message-----
From: Klaas Wierenga (kwiereng) [mailto:[email protected]] 
Sent: Monday, January 04, 2016 2:25 PM
To: [email protected]; [email protected]; 
[email protected]
Subject: review of draft-ietf-spring-problem-statement-06

Hi,

I have reviewed this document as part of the security directorate's ongoing 
effort to review all IETF documents being processed by the IESG. These comments 
were written primarily for the benefit of the security area directors. Document 
editors and WG chairs should treat these comments just like any other last call 
comments.

This document provides a problem statement for source based unicast routing 
architecture. The document examines a number of typical use cases in order to 
come up with the requirements for the target architecture.

I believe the document is clear and well-written and ready for publication, 
with one small nit, see below.

The Security Considerations section is a little bit light, but in line with the 
rest of the document, so I believe sufficient, provided that a more detailed 
analysis is done in forthcoming documents. I have one small nit, in the 
document it says:

—
There is an assumed trust model such that the source imposing an
   explicit route on a packet is assumed to be allowed to do so.  It is
   assumed that the default behavior is to strip any internal routing
   information from the packet before the packet is forwarded outside
   the domain.  In such context trust boundaries SHOULD strip explicit
   routes from a packet.
—

It is unclear to me whether the idea is that *only internal* info is 
stripped, or *all*, i.e. if the provided route is {internal host 1, internal 
host 2, internal host 3, external host 1, external host 2}, is the idea that at 
egress the whole specific route is stripped or that what remains is {external 
host 1, external host 2}, leaving it up to the transit or destination network 
to apply “stripping policy” on the remainder. Please clarify.

Klaas
