Re: [secdir] secdir review of draft-ietf-isis-genapp

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Mon, 09 August 2010 23:15 UTC

Date: Mon, 09 Aug 2010 16:15:51 -0700
Message-ID: <AE36820147909644AD2A7CA014B1FB520B98B241@xmb-sjc-222.amer.cisco.com>
In-Reply-To: <AANLkTint4pXA-ia_NPC+bP6skrZYmHxhASq0wz0_ioc0@mail.gmail.com>
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: Radia Perlman <radiaperlman@gmail.com>, draft-ietf-isis-genapp@tools.ietf.org, iesg@ietf.org, secdir@ietf.org

Radia -

The use of "D" and "S" is copied from RFCs 4971/5305. The initials were
not further identified there and we used identical text in describing
them. (That's my excuse anyway)

As a point of information:

"S" - flooding "Scope"
"D" - Indicates the TLV has been leaked "Down" from level-2 to level-1

The choice of the letters "I" and "V" was arbitrary.

   Les

> -----Original Message-----
> From: Radia Perlman [mailto:radiaperlman@gmail.com]
> Sent: Monday, August 09, 2010 2:58 PM
> To: draft-ietf-isis-genapp@tools.ietf.org; iesg@ietf.org;
> secdir@ietf.org
> Subject: secdir review of draft-ietf-isis-genapp
> 
> This document is about using the reliable flooding mechanism of IS-IS
> to advertise information for applications unrelated to IS-IS in a way
> that doesn't use up "T" values in the TLV encoding.
> 
> So, since it's just syntax, there really aren't any security
> considerations.
> 
> It would have been nice if the authors explained what "V" "I" "D" and
> "S" mean in the context of the flags, as in, what word is "V" the
> first letter of, what word is "I" the first letter of...
> 
> Unless I missed it in the spec, the authors just give rules like:
> 
>                  D bit (0x02): When the GENINFO TLV is leaked from
>                  level-2 to level-1, the D bit MUST be set. Otherwise
>                  this bit MUST be clear. GENINFO TLVs with the D bit set
>                  MUST NOT be leaked from level-1 to level-2. This is to
>                  prevent TLV looping.
> 
>                  I bit (0x04): When the I bit is set the 4 octet IPv4
>                  address associated with the application immediately
>                  follows the Application ID.
> 
> Radia
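The two rules quoted in the review (the D bit's leaking discipline and the I bit's "IPv4 address follows the Application ID" encoding) are small enough to show as working code. The example below is added here and is not part of the thread, the draft, or any IS-IS implementation. Only the D (0x02) and I (0x04) bit values come from the quoted text; the S (0x01) and V (0x08) values, the 2-octet Application ID and the 16-octet IPv6 address are assumptions drawn from my recollection of the published GENINFO specification (RFC 6823), and the sample TLV value is constructed.

```python
"""Added example, not part of the secdir thread or the draft: parse a
GENINFO TLV value and apply the D-bit leaking rule quoted above.

The D (0x02) and I (0x04) bit values are the ones quoted in the review.
Everything else here is an assumption drawn from the published GENINFO
specification (RFC 6823) as I recall it: S = 0x01, V = 0x08, a 2-octet
Application ID, and a 16-octet IPv6 address when V is set.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

S_BIT = 0x01  # flooding Scope (assumed value)
D_BIT = 0x02  # leaked Down from level-2 to level-1 (quoted in the thread)
I_BIT = 0x04  # 4-octet IPv4 address follows the Application ID (quoted)
V_BIT = 0x08  # 16-octet IPv6 address follows (assumed value)


@dataclass(frozen=True)
class GenInfo:
    flags: int
    app_id: int
    ipv4: Optional[str]
    ipv6: Optional[str]
    app_data: bytes

    @property
    def leaked_down(self) -> bool:
        return bool(self.flags & D_BIT)


def parse_geninfo_value(value: bytes) -> GenInfo:
    """Parse the value part of a GENINFO TLV (type and length already removed)."""
    if len(value) < 3:
        raise ValueError("GENINFO value needs flags plus a 2-octet Application ID")
    flags = value[0]
    if flags & ~(S_BIT | D_BIT | I_BIT | V_BIT):
        raise ValueError(f"reserved flag bits set: {flags:#04x}")
    app_id = int.from_bytes(value[1:3], "big")
    pos = 3
    ipv4 = ipv6 = None
    if flags & I_BIT:
        if len(value) < pos + 4:
            raise ValueError("I bit set but IPv4 address is truncated")
        ipv4 = str(ipaddress.IPv4Address(value[pos:pos + 4]))
        pos += 4
    if flags & V_BIT:
        if len(value) < pos + 16:
            raise ValueError("V bit set but IPv6 address is truncated")
        ipv6 = str(ipaddress.IPv6Address(value[pos:pos + 16]))
        pos += 16
    return GenInfo(flags, app_id, ipv4, ipv6, bytes(value[pos:]))


def encode_geninfo_value(tlv: GenInfo) -> bytes:
    """Inverse of parse_geninfo_value; address fields follow the Application ID."""
    out = bytes([tlv.flags]) + tlv.app_id.to_bytes(2, "big")
    if tlv.flags & I_BIT:
        out += ipaddress.IPv4Address(tlv.ipv4).packed
    if tlv.flags & V_BIT:
        out += ipaddress.IPv6Address(tlv.ipv6).packed
    return out + tlv.app_data


def leak_tlv(tlv: GenInfo, from_level: int, to_level: int) -> Optional[GenInfo]:
    """Return the TLV as it must be re-advertised when leaked between levels,
    or None when the D-bit rule forbids the leak. This is what stops a TLV
    from looping level-2 -> level-1 -> level-2 -> ..."""
    if (from_level, to_level) == (2, 1):
        # Leaking down: the D bit MUST be set on the copy advertised in level-1.
        return replace(tlv, flags=tlv.flags | D_BIT)
    if (from_level, to_level) == (1, 2):
        # A TLV carrying D was itself leaked down; it MUST NOT go back up.
        if tlv.leaked_down:
            return None
        return tlv
    raise ValueError("leaking is only defined between level-1 and level-2")


# Constructed sample (not from the thread): I bit set, Application ID 1,
# IPv4 address 192.0.2.1, followed by two octets of application data.
SAMPLE_VALUE = bytes([I_BIT, 0x00, 0x01, 192, 0, 2, 1, 0xAA, 0xBB])

if __name__ == "__main__":
    tlv = parse_geninfo_value(SAMPLE_VALUE)
    print(tlv)
    down = leak_tlv(tlv, 2, 1)
    print("leaked down:", down.leaked_down, "leak back up:", leak_tlv(down, 1, 2))
```

The parser rejects reserved flag bits and truncated address fields rather than reading past the end of the value, which is the check a receiving implementation wants before it trusts any of the flag-dependent offsets; the round trip through encode_geninfo_value shows that the address fields sit between the Application ID and the application data, exactly as the I-bit rule states.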