Re: Genart last call review of draft-ietf-isis-auto-conf-04
"Alvaro Retana (aretana)" <aretana@cisco.com> Mon, 10 April 2017 17:32 UTC
Return-Path: <aretana@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B06FC1294EC; Mon, 10 Apr 2017 10:32:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.523
X-Spam-Level:
X-Spam-Status: No, score=-14.523 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ndt6fal-EbCI; Mon, 10 Apr 2017 10:32:32 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4ED012947E; Mon, 10 Apr 2017 10:32:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2094; q=dns/txt; s=iport; t=1491845549; x=1493055149; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ilKWlMmlgb0EuOMIUmF06s8jkmHQOgPCZo0Kx+dFWHw=; b=SXFt2KXtQrOv5pNVuc1/OssVYEsI9BT1wHprifpRpVxkb5ErG+ZVVtzF SKPNbj62jpge/AZrMjgWI1x6Izc//Z7lPSGKOA1qf2SaKk93XA/J/3kkX xigCLaClhA6jBqqvSDruGYo1yEYw+CH9klCmXGr1OZze8kLuiDs2d2+UU A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DEAQBiwOtY/49dJa1cGQEBAQEBAQEBAQEBBwEBAQEBg1OBbAeDX4oTpx+CD4YkAhqDTT8YAQIBAQEBAQEBayiFFgYjEUUQAgEIGgImAgICMBUQAgQBDQWKD6kMgiaKfQEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BC4VFggWCa4dcLoIxAQSWIIZbAZJYkUGTfwEfOEo7WxVSAYZIdYhSgQ0BAQE
X-IronPort-AV: E=Sophos;i="5.37,182,1488844800"; d="scan'208";a="229072990"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Apr 2017 17:32:28 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v3AHWSsC029910 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 10 Apr 2017 17:32:28 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 10 Apr 2017 12:32:28 -0500
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1210.000; Mon, 10 Apr 2017 12:32:28 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, "Liubing (Leo)" <leo.liubing@huawei.com>, Robert Sparks <rjsparks@nostrum.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-isis-auto-conf.all@ietf.org" <draft-ietf-isis-auto-conf.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "isis-wg@ietf.org" <isis-wg@ietf.org>
Subject: Re: Genart last call review of draft-ietf-isis-auto-conf-04
Thread-Topic: Genart last call review of draft-ietf-isis-auto-conf-04
Thread-Index: AQHSr90HdNwrO1bKAUiTTjwvgN+2naG6trYAgAAGPoCAAANsAP//wPeAgABTw4CAA+NsAIAASqUA///utoA=
Date: Mon, 10 Apr 2017 17:32:27 +0000
Message-ID: <DC9299D1-F989-471C-A7AC-1A5E9C9288AB@cisco.com>
References: <149159669211.11107.3275242226580240988@ietfa.amsl.com> <814d03ced1c64f18b20d23c65e7cdf04@XCH-ALN-001.cisco.com> <8469f915-7e13-dead-7a4e-ab36506948da@nostrum.com> <1fd1507c9d5442d0a944e35da9b38b1d@XCH-ALN-001.cisco.com> <EDD33B73-CDF2-42AB-AE8A-96073F449997@cisco.com> <db59f122a2d84c28851944a50f1564a2@XCH-ALN-001.cisco.com> <8AE0F17B87264D4CAC7DE0AA6C406F45C2ED8506@nkgeml514-mbs.china.huawei.com> <c3a3a16110cb44c182413d993377de6d@XCH-ALN-001.cisco.com>
In-Reply-To: <c3a3a16110cb44c182413d993377de6d@XCH-ALN-001.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1f.0.170216
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.15.6]
Content-Type: text/plain; charset="utf-8"
Content-ID: <BCEC487E835CFC4387DBE1CB06065FF2@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/uINYedQYURVnLenllYQb8C_R2kE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Apr 2017 17:32:34 -0000
Works for me! Thanks! Alvaro. On 4/10/17, 10:34 AM, "Les Ginsberg (ginsberg)" <ginsberg@cisco.com> wrote: Bing/Robert/Alvaro - Here is the existing text of the Security Section: "In general, the use of authentication is incompatible with auto- configuration as it requires some manual configuration. For wired deployment, the wired connection itself could be considered as an implicit authentication in that unwanted routers are usually not able to connect (i.e. there is some kind of physical security in place preventing the connection of rogue devices); for wireless deployment, the authentication could be achieved at the lower wireless link layer." Proposed revision: "In the absence of cryptographic authentication it is possible for an attacker to inject a PDU falsely indicating there is a duplicate system-id. This may trigger automatic restart of the protocol using the duplicate-id resolution procedures defined in this document. Note that the use of authentication is incompatible with auto- configuration as it requires some manual configuration. For wired deployment, the wired connection itself could be considered as an implicit authentication in that unwanted routers are usually not able to connect (i.e. there is some kind of physical security in place preventing the connection of rogue devices); for wireless deployment, the authentication could be achieved at the lower wireless link layer." ???
- Genart last call review of draft-ietf-isis-auto-c… Robert Sparks
- Re: Genart last call review of draft-ietf-isis-au… Alvaro Retana (aretana)
- RE: Genart last call review of draft-ietf-isis-au… Les Ginsberg (ginsberg)
- RE: Genart last call review of draft-ietf-isis-au… Les Ginsberg (ginsberg)
- Re: Genart last call review of draft-ietf-isis-au… Robert Sparks
- RE: Genart last call review of draft-ietf-isis-au… Les Ginsberg (ginsberg)
- RE: Genart last call review of draft-ietf-isis-au… Liubing (Leo)
- RE: Genart last call review of draft-ietf-isis-au… Les Ginsberg (ginsberg)
- Re: Genart last call review of draft-ietf-isis-au… Alvaro Retana (aretana)
- Re: Genart last call review of draft-ietf-isis-au… Alvaro Retana (aretana)
- Re: Genart last call review of draft-ietf-isis-au… Robert Sparks
- RE: Genart last call review of draft-ietf-isis-au… Liubing (Leo)