Oops, sent to wrong list. -------- Original Message -------- Subject: Last Call review of draft-ietf-karp-bfd-analysis-05 Date: Thu, 07 Aug 2014 14:14:42 -0400 From: Tom Taylor To: Gen Art , draft-ietf-karp-bfd-analysis-05 at tools.ietf.org I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the operational area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: this document is almost ready to publish as an Informational document with a minor issue and editorial suggestions. Minor issue: Section 2 identifies vulnerability to DoS attacks as a gap, but there is no follow-up in the rest of the document. Editorial: in the middle paragraph of Section 1, change "require" to "allow". OLD Moving the routing protocols to a stronger algorithm while using weaker algorithm for BFD would require the attacker to bring down BFD in order to bring down the routing protocol. NEW Moving the routing protocols to a stronger algorithm while using weaker algorithm for BFD would *allow* the attacker to bring down BFD in order to bring down the routing protocol. Editorial: I have trouble parsing the first sentence of the fourth paragraph of Section 3. It currently reads: Note that when using authentication mechanisms, BFD requests the sequence of a received BFD packets drops with a limited range (3* Detection time multiplier). Do you mean to say that BFD requests retransmission of BFD packets that were received but dropped, and whose sequence numbers lie in a limited range (3* Detection time multiplier)? Editorial: same paragraph, next sentence, drop the "of": OLD (3 times of the detect interval of the session) NEW (3 times the detect interval of the session) Editorial: next paragraph, third sentence: OLD If a node will randomly select a new discriminator for a new session and use authentication mechanism to secure the control packets, inter-session replay attacks can be mitigated to some extent. NEW If a node randomly selects a new discriminator for a new session and uses an authentication mechanism to secure the control packets, inter-session replay attacks can be mitigated to some extent. Editorial: same paragraph, fourth line from bottom: s/reasons/reason/ Editorial: Section 4, third paragraph: s/elaborately/carefully/ Editorial: Section 6, second paragraph: s/relative effective/relatively effective/