[Last-Call] Re: draft-ietf-opsawg-ipfix-on-path-telemetry-19 ietf last call Secdir review

Dear Linda,

Thanks a lot for the review. We addressed your comment in revision -20.

Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-ipfix-on-path-telemetry-20
Doc: https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-ipfix-on-path-telemetry-20

Best wishes
Thomas

-----Original Message-----
From: Linda Dunbar via Datatracker <noreply@xxxxxxxx> 
Sent: Saturday, July 19, 2025 4:21 AM
To: secdir@xxxxxxxx
Cc: draft-ietf-opsawg-ipfix-on-path-telemetry.all@xxxxxxxx; last-call@xxxxxxxx; opsawg@xxxxxxxx
Subject: draft-ietf-opsawg-ipfix-on-path-telemetry-19 ietf last call Secdir review


Document: draft-ietf-opsawg-ipfix-on-path-telemetry
Title: Export of Delay Performance Metrics in IP Flow Information eXport (IPFIX)
Reviewer: Linda Dunbar
Review result: Has Nits

I have reviewed this document as part of the SEC area directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the Security area directors.
Document editors and WG chairs should treat these comments just like any other last-call comments.

Summary: This document is well-written and nearly ready for publication.

One issue:
The Security Considerations section does not explicitly mention the risk of accepting spoofed IPFIX messages from unauthenticated exporters. Since IPFIX collectors may receive telemetry data from multiple sources, there is a risk that a malicious or misconfigured node could inject false or misleading data.

It would be useful to add something like: Collectors MUST ensure that telemetry originates from trusted sources. Accepting IPFIX messages from unauthenticated sources could lead to data spoofing, policy misapplication, or denial of service.

Best Regards,
Linda Dunbar
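
The collector-side check the review asks for, as an added example that is not part of this email thread or of the draft: an IPFIX message is admitted only when the transport has authenticated the exporter and that exporter is trusted for the Observation Domain ID in the message header. The trust list, the exporter names and the `admit` and `build_message` helpers are hypothetical; the peer identity is assumed to come from a mutually authenticated TLS/DTLS session, and one message per datagram is assumed.

```python
import struct

IPFIX_VERSION = 10  # version field of the IPFIX message header (RFC 7011)
# Header: version, length, export time, sequence number, observation domain ID
HEADER = struct.Struct("!HHIII")

# Constructed policy: authenticated exporter identity -> observation
# domains it is allowed to report for. Names are placeholders.
TRUSTED_EXPORTERS = {
    "exporter-a.example.net": {1, 2},
    "exporter-b.example.net": {7},
}

def admit(peer_identity, datagram, trusted=TRUSTED_EXPORTERS):
    """Return (accepted, reason) for one received IPFIX message.

    peer_identity is the name the transport authenticated (assumption:
    taken from the peer certificate of a TLS/DTLS session), or None when
    the message arrived without authentication.
    """
    if peer_identity is None:
        return False, "unauthenticated exporter"
    allowed = trusted.get(peer_identity)
    if allowed is None:
        return False, "exporter not in trust list"
    if len(datagram) < HEADER.size:
        return False, "truncated header"
    version, length, _export_time, _seq, domain = HEADER.unpack_from(datagram)
    if version != IPFIX_VERSION:
        return False, "not an IPFIX message"
    if length != len(datagram):  # assumes one message per datagram
        return False, "length field mismatch"
    if domain not in allowed:
        return False, "observation domain not permitted for exporter"
    return True, "ok"

def build_message(domain, payload=b"", seq=0, export_time=1752900000):
    """Build a constructed IPFIX message (header plus opaque payload)."""
    total = HEADER.size + len(payload)
    return HEADER.pack(IPFIX_VERSION, total, export_time, seq, domain) + payload

if __name__ == "__main__":
    samples = [  # constructed inputs
        ("exporter-a.example.net", build_message(1)),
        (None, build_message(1)),
        ("exporter-b.example.net", build_message(1)),
        ("rogue.example.net", build_message(7)),
    ]
    for identity, msg in samples:
        print(identity, admit(identity, msg))
```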

