[Isis-wg] Review of draft-ietf-isis-extended-sequence-no-tlv-04

Nevil Brownlee <n.brownlee@auckland.ac.nz> Thu, 26 March 2015 16:47 UTC

Message-ID: <551437E7.9030406@auckland.ac.nz>
Date: Fri, 27 Mar 2015 05:46:31 +1300
From: Nevil Brownlee <n.brownlee@auckland.ac.nz>
To: ops-dir@ietf.org, draft-ietf-isis-extended-sequence-no-tlv.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/draft-ietf-isis-extended-sequence-no-tlv.all@tools/CzDO60_dreleGtNpKt0FmWdN5LQ>
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/YvUmMDAlBZBkA_8IiDDXvVWgsyc>

Hi all:

I have reviewed this document as part of the Operational directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
operational area directors.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Overall, it seems fine to me.

Abstract:
   "This document defines Extended Sequence number TLV to protect
    Intermediate System to Intermediate System (IS-IS) PDUs from replay
    attacks."

The draft addresses security concerns raised by the use of IS-IS in
Data Centre environments, and by the use of SDN in Data Centres.

"This document defines Extended Sequence number (ESN) TLV to protect
Intermediate System to Intermediate System (IS-IS) PDUs from replay
attacks."

I presume that the ESSN will be given a random (but non-zero) value when
the router boots up, then increments from there?  This is covered in
detail in Appendix A, but perhaps a forward reference to that in
section 3 would be helpful.

Section 5 on Backward Compatibility and Deployment seems clear
to me, and should help Operators to use this new feature.

Cheers, Nevil
Co-chair, EMAN WG

-- 
---------------------------------------------------------------------
  Nevil Brownlee                    Computer Science Department | ITS
  Phone: +64 9 373 7599 x88941             The University of Auckland
  FAX: +64 9 373 7453   Private Bag 92019, Auckland 1142, New Zealand