Re: [Isis-wg] Secdir last call review of draft-ietf-isis-mi-bis-02

Joseph Salowey <joe@salowey.net> Wed, 12 April 2017 05:23 UTC

Return-Path: <joe@salowey.net>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 691F1129406 for <isis-wg@ietfa.amsl.com>; Tue, 11 Apr 2017 22:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbocjRFjDz5R for <isis-wg@ietfa.amsl.com>; Tue, 11 Apr 2017 22:23:12 -0700 (PDT)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7194F12940B for <isis-wg@ietf.org>; Tue, 11 Apr 2017 22:23:09 -0700 (PDT)
Received: by mail-pf0-x22a.google.com with SMTP id s16so8563769pfs.0 for <isis-wg@ietf.org>; Tue, 11 Apr 2017 22:23:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CLp50fAFCP4fMjgmmiGq8ogaM7D/vXEas5/KcoEXPG8=; b=esmV2vBTM0jVlltwd8efoyZ97leQ6gGOUKXaCew6Qmxd3JHcOa6ugO5vPHB0hCvX6R kYg1YjdHF4CQsOhIMRWICQZenXxj+upq1ikH58PWgLiCYnTqGLH/0JpFEtMm59+mDvOX lEAkvFeGL6jXZwpF1FgnX+kNEQD5UYOeIZDOTOdq4AKAJtYxw+oY+0014wtjqpKYnRiW zjS42h4J4a03QZ4kRCa8RTBvgMCyTXj17T0EJSDYmBsSXlj88zE4bEqEmV4W0iPmWn/r bpYYuhRKcQMDJ7ZHmqkRKroSOucsi9LlyFcHctBD+TGX68M4YBlIdaiHTSx+1FZ/iYqn brvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CLp50fAFCP4fMjgmmiGq8ogaM7D/vXEas5/KcoEXPG8=; b=CE65TOEXp+IYvsAoOLISFs+sZIdo9CJHvSHAHz9p/nRkjESPXUL1ZmzWFX2ci+6fPH 60jcAbsANEEf6m8favy3bHgkMuUDC3Odeg1lQUQtr/vY7XaI5vckSM1WkraXBbGC5twD Pt0TP/VSjn+Q9X2foLFukHCoMMZDzW5ZhL3SOInEjPi6pHUP7vBVFnJIgH4Alhdlrqgv KioeKMfrDhNpC3slxoxPdczwJ8ImQxZOMnQ+NjIGAJ/X1nBBaqAbDLTIvbnf024rd5BW VLDdDdHTHIMPZzdyNyqxMesyohQ9g1FBUTVLIpIMldiu7/z8IvDTv7lEPDZEokIRxsvu NP6Q==
X-Gm-Message-State: AFeK/H2OSWxBGIHKhG2TgiaAhm1andtXKc49MCKh/cgrjACc3xEaqJlxtnsUNlfbc/3O3JFE/daxJSNMmQz9rw==
X-Received: by 10.84.198.3 with SMTP id o3mr46077572pld.45.1491974588977; Tue, 11 Apr 2017 22:23:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.183.7 with HTTP; Tue, 11 Apr 2017 22:22:48 -0700 (PDT)
In-Reply-To: <59da15bc7fa64e9281b94a2694919105@XCH-ALN-001.cisco.com>
References: <149185541631.3069.18371935891180367330@ietfa.amsl.com> <59da15bc7fa64e9281b94a2694919105@XCH-ALN-001.cisco.com>
From: Joseph Salowey <joe@salowey.net>
Date: Tue, 11 Apr 2017 22:22:48 -0700
Message-ID: <CAOgPGoDSmG-=yfSPxEkwz1q3TX1c8wZP1HPi74rfMn01fra4rQ@mail.gmail.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "isis-wg@ietf.org" <isis-wg@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-isis-mi-bis.all@ietf.org" <draft-ietf-isis-mi-bis.all@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c18938e63e727054cf16752
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/jlZFV8BP_IpjPQDb7lNu7zSrIPo>
Subject: Re: [Isis-wg] Secdir last call review of draft-ietf-isis-mi-bis-02
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Apr 2017 05:23:13 -0000

I reread the introduction and it does mention isolating resources, but not
explicitly for security purposes.  I'm going to push back a bit on it being
a new requirement to discuss what is and is not intended.   We have had a
security considerations section in documents for a long time.   The draft
redirects security considerations to other documents which primarily talk
about authenticating messages.   The draft does include some discussion of
being able to select authentication parameters based on IID.  While this is
important, it doesn't really discuss why you would use this protection with
multi-instance IS-IS or what is different.

The document could include a statement that considerations to do with using
multi-instance IS-IS as a security isolation mechanism is outside the scope
of the document or, better yet, describe what the considerations unique to
multi-instance IS-IS are.   Since the primary uses do not have to do with
using this enhancement as a security mechanism I don't think it will cause
great harm to publish the document as is.

Cheers,

Joe




On Mon, Apr 10, 2017 at 2:28 PM, Les Ginsberg (ginsberg) <ginsberg@cisco.com
> wrote:

> Joseph -
>
> Thanx for the review.
>
> The introduction defines the purposes(sic) of the extensions . Please
> reread that and let me know if you still have concerns.
>
> The extensions are not for security purposes - as a matter of principle I
> am concerned if a new requirement of every draft is to explicitly state all
> the things that it is not intended to do. :-)
>
>    Les
>
>
>
>
> > -----Original Message-----
> > From: Joseph Salowey [mailto:joe@salowey.net]
> > Sent: Monday, April 10, 2017 1:17 PM
> > To: secdir@ietf.org
> > Cc: isis-wg@ietf.org; iesg@ietf.org; draft-ietf-isis-mi-bis.all@ietf.org
> > Subject: Secdir last call review of draft-ietf-isis-mi-bis-02
> >
> > Reviewer: Joseph Salowey
> > Review result: Has Issues
> >
> > I have reviewed this document as part of the security directorate's
> ongoing
> > effort to review all IETF documents being processed by the IESG.  These
> > comments were written primarily for the benefit of the security area
> > directors.  Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> >
> > The document does not explicitly discuss the use-cases for multi
> instance IS-
> > IS.  Is this intended to be used a security mechanism for isolation?  The
> > document should provide some guidance here.
> >
> > If the mechanism is intended as an isolation mechanism for security
> > then I think more guidance is appropriate.   For example, in this case
> > shouldn't each instance have its own authentication configuration?
> >
> > If it is not intended as a security mechanism then the document probably
> say
> > so.
> >
>
>