[secdir] SECDIR review of draft-ietf-isis-auto-conf-04
Radia Perlman <radiaperlman@gmail.com> Wed, 29 March 2017 04:50 UTC
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFC12129432; Tue, 28 Mar 2017 21:50:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Sqb0hp8jPak; Tue, 28 Mar 2017 21:50:20 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FD2D127B31; Tue, 28 Mar 2017 21:50:20 -0700 (PDT)
Received: by mail-oi0-x235.google.com with SMTP id o67so2322683oib.1; Tue, 28 Mar 2017 21:50:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=IgzGD9vXh/9qt5I7ls7R/4SdfS1fXigU0FVS1KZd/qo=; b=j/02zG3UBWIdc/aV8XwLAoWLlYu6GJOSn+Yl/slKIo71JylwDLnwNvBfk/Ua1faTzr ODjNjVg9S+3PPnq+L0Uxi/geMcsTiRX7SAqWKndysjS5WU+E7hGv/DiHNGZMubtxwlRx wanKSdDf/Tl+LZfFv9wkiCDE7IkqL42lP8fE/Edwvd08tV0NLr1iQVKEgrM1INAVLA2z qR2oSwpHfeWhKXJf4GbOowra5xlirRzNKzlJaTbI2IUDLCfPX9TfUTaL4Jjlq00Om8Q+ KcJEJd5v6UAB5vr+VwKtcJldEBDXhb9YsyUHOVF2mLbDGLd+klCpCL149S2EiNbM03cO kGzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=IgzGD9vXh/9qt5I7ls7R/4SdfS1fXigU0FVS1KZd/qo=; b=Q/xdqCMmepezhtNlbMz7T3jnAjYxaP0USNi69cuwEOqKlRg2ehVnaQ7FwemdRsDlr8 GzIZgg0l+aiO1z5M3G6IYtLGLse71gLuFmPRADU+twxRZtCQzKDGHEsRud0uPs+qFDHU LznoEUMTo3qzOGANSinNtLvuSn3697OgbWmT/71gI2Y/DyhaSHcRsJ6titATSVTX5VjF NQj0Hrrm5kk44kSVbCjj220nlMyQQitoZwuPLqB8NH9Xlqc9vNM5C92T6JPqzQUocvw+ sHnCt5X+hesMXYS0qftoo5Jo5CBiVJCJvyeqmLNZDffXbx1GAatKSZuMnT/xTC+OORBm RpzQ==
X-Gm-Message-State: AFeK/H2jrxBsPfqG0IXjAWt4cDWTr1WP+L+8iOpQQBM/Q2kKofBIH9EvSSldTTQ6BzsBE/mMdnW5Zgu7D0ELjQ==
X-Received: by 10.202.72.7 with SMTP id v7mr2214721oia.175.1490763019755; Tue, 28 Mar 2017 21:50:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.146.74 with HTTP; Tue, 28 Mar 2017 21:50:19 -0700 (PDT)
From: Radia Perlman <radiaperlman@gmail.com>
Date: Tue, 28 Mar 2017 21:50:19 -0700
Message-ID: <CAFOuuo5FQHFBgiNnn6g3Qx1Cby6JUKS533LxWe=cKneeDBD9gQ@mail.gmail.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-isis-auto-conf.all@tools.ietf.org
Content-Type: multipart/alternative; boundary="001a113db20c3ca83e054bd75025"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/5ezENQmi8dHLXrS2jtLsuGqQMro>
Subject: [secdir] SECDIR review of draft-ietf-isis-auto-conf-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 04:50:22 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes a touchless (autoconfiguring) implementation of IS-IS. I don't have any security comments, but I have some other comments. They use the term "Double-Duplication". I don't know what that is. I think they mean "both the system ID and router fingerprint are duplicated". To me "double duplicate" would be that there were 3 or more systems with the same information. The terminology "NET" and "NSAP" have always been very confusing to most IETF'ers (including me!). Might it be possible to stop using those terms? Of course, it's not fair to pick on this document to start doing that. In the early days of IS-IS, some implementations decided that NET should be the NSAP minus the last byte. Others thought it should be a full size NSAP, but with the last byte 0. The formal ISO definition in CLNP did not clarify this sort of thing, at least to me. Anyway, is there an IETF IS-IS document that explains what NET and NSAPs are, as opposed to saying (as in this document) that "an NET is a type of NSAP", which I find very confusing. In section 3.4.2, it says " Routers operating in auto-configuration mode MUST NOT form adjacencies with routers which are NOT operating in auto-configuration mode. " Why is that? I'd think it would be easier to deploy if you could gradually introduce autoconfiguring routers in with existing implementations that don't know about the A bit. Are you concerned about an actual area 0? Other than those (mostly) editorial comments, which are only suggestions anyway, this is ready for publication. I haven't been following IS-IS recently, and I'm actually surprised that there hasn't been totally autoconfiguring implementations up until now. Radia
- [secdir] SECDIR review of draft-ietf-isis-auto-co… Radia Perlman
- Re: [secdir] SECDIR review of draft-ietf-isis-aut… Les Ginsberg (ginsberg)
- Re: [secdir] SECDIR review of draft-ietf-isis-aut… Liubing (Leo)