Warren Kumari has entered the following ballot position for draft-ietf-spring-sr-replication-segment-15: Abstain

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-spring-sr-replication-segment/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I am balloting Abstain (in the "I oppose this document but understand that others differ and am not going to stand in the way of the others." sense) on this document as I cannot in good conscience ballot NoObj.

The Security Considerations hinge on "An SR domain operates within an assumed trust domain as specified in Security Considerations of RFC 8402. Traffic must be filtered at SR domain boundaries to prevent malicious replication of packets."

Firstly, I'll note that this isn't really what the Security Considerations section of RFC8042 actually says (it is really short, but says: "**By default**, SR operates within a trusted domain. Traffic MUST be filtered at the domain boundaries." (emphasis mine)), but secondly, this talks about replication of traffic (AKA a DoS amplifier).

I believe that the document (and SR in general) needs to do a much better job of discussing the security / DoS implications of what happens when an attacker is able to inject traffic into the SR domain (e.g. because they have 0wned a node within the network).

I'm balloting Abstain instead of DISCUSS because I've raised this objection multiple times on multiple documents, and no longer have the stomach to have this fight yet again.

_______________________________________________
spring mailing list
spring@ietf.org
https://www.ietf.org/mailman/listinfo/spring