Re: [secdir] [Lsr] Secdir last call review of draft-ietf-isis-reverse-metric-13

Tony Przygienda <tonysietf@gmail.com> Thu, 04 October 2018 17:43 UTC

From: Tony Przygienda <tonysietf@gmail.com>
Date: Thu, 4 Oct 2018 10:42:35 -0700
Message-ID: <CA+wi2hPdxW2cBFqSdAyaDaXHN1cHDmTne=tp97zD30tgeqE-5g@mail.gmail.com>
To: barryleiba@computer.org
Cc: secdir@ietf.org, lsr@ietf.org, ietf@ietf.org, draft-ietf-isis-reverse-metric.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f8006505776aafe8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9CX1Hvoch5hs64hhFhkWMghjJNo>
Subject: Re: [secdir] [Lsr] Secdir last call review of draft-ietf-isis-reverse-metric-13

Funny enough,
https://tools.ietf.org/html/draft-shen-isis-spine-leaf-ext-06#page-12 by
the overlapping author set seems already to circumvent this ;-)

On Thu, Oct 4, 2018 at 10:37 AM Barry Leiba <barryleiba@computer.org> wrote:

> Reviewer: Barry Leiba
> Review result: Ready
>
> This document is well written and seems ready to go.  The only security
> issue I thought of as I read through it (attacking by spoofing a reverse
> metric) is covered in the Security Considerations section.
>
> I found one sentence to be slightly ambiguous, but only very slightly.  In
> Section 3.5:
>
>    A router MUST advertise a Reverse Metric TLV toward a neighbor only
>    for the operational maintenance window period during which it wants a
>    neighbor to temporarily update its IS-IS metric or Traffic
>    Engineering parameters towards it.
>
> It begins to look like it's saying that a router MUST advertise this under
> certain conditions, and it took me a moment to get that it's actually
> *limiting* when it should be advertised (the "MUST" applies to the "only"
> clause).  If you think my suggested replacement reads well, you might use
> it; if not, no problem:
>
>    A router MUST limit the period during which it advertises a Reverse
>    Metric TLV toward a neighbor only to the operational maintenance window
>    period during which it wants that neighbor to temporarily update its
>    IS-IS metric or Traffic Engineering parameters towards it.
>