[secdir] secdir review of draft-ietf-isis-sbfd-discriminator-02

Tom Yu <tlyu@mit.edu> Wed, 18 November 2015 03:06 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 42D221A9027; Tue, 17 Nov 2015 19:06:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.786
X-Spam-Status: No, score=-4.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id RRqjaXat9-nG; Tue, 17 Nov 2015 19:06:24 -0800 (PST)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 928CF1A901E; Tue, 17 Nov 2015 19:06:24 -0800 (PST)
X-AuditID: 1209190c-f79c96d00000038e-d7-564beb2e7088
Received: from mailhub-auth-4.mit.edu ( []) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id E7.0A.00910.E2BEB465; Tue, 17 Nov 2015 22:06:22 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu []) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id tAI36LQC007223; Tue, 17 Nov 2015 22:06:22 -0500
Received: from localhost (sarnath.mit.edu []) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id tAI36JIP026165; Tue, 17 Nov 2015 22:06:20 -0500
From: Tom Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-isis-sbfd-discriminator.all@tools.ietf.org
Date: Tue, 17 Nov 2015 22:06:19 -0500
Message-ID: <ldv4mgk2ehg.fsf@sarnath.mit.edu>
Lines: 33
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrIIsWRmVeSWpSXmKPExsUixG6nrqv32jvM4NMVZYt3636zWMz4M5HZ 4sPChywOzB5Llvxk8vhy+TNbAFMUl01Kak5mWWqRvl0CV8bXM03sBRt4Kja3N7M0ME7i6mLk 5JAQMJF42vKKDcIWk7hwbz2QzcUhJLCYSeLr7A4mCGcjo8S6mdPZIZw3jBLT/3YxgbSwCUhL HL+8C8wWEUiS+D1jJzOILSxgL/F4+3lWEJtFQFXi5M9ZYDW8AroSn7esBarh4OAR4JRo3+gD ERaUODnzCQuIzSygJXHj30umCYy8s5CkZiFJLWBkWsUom5JbpZubmJlTnJqsW5ycmJeXWqRr qJebWaKXmlK6iREUUpySPDsY3xxUOsQowMGoxMObsNg7TIg1say4MvcQoyQHk5Io7+8HQCG+ pPyUyozE4oz4otKc1OJDjBIczEoivJqvgHK8KYmVValF+TApaQ4WJXHeTT/4QoQE0hNLUrNT UwtSi2CyMhwcShK82SCNgkWp6akVaZk5JQhpJg5OkOE8QMO/vQQZXlyQmFucmQ6RP8WoKCXO yw3SLACSyCjNg+sFx7wQ475XjOJArwjzPgJp5wGmC7juV0CDmYAGn2jwBBlckoiQkmpgLJz6 0S35ZuhbN4aw/BcTZNWK2f89X9m59ieHls6Ri7WOp/7oL2Y4Ok9f94g5X4vLQteDek9+LokQ 2Lon6fWr0wwywiL/nCLXGpkdlXBZHL0jdvZOdsmrj2bPMHz3p5Z/vdjZ95+nnYj5NjG4ne1M 0f7nR7dLLmXinfTj4On0b+EzrjWsL1yt067EUpyRaKjFXFScCACea44O1AIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/DCeP00D_QWWq1DFBNBBxxSEbr-4>
Subject: [secdir] secdir review of draft-ietf-isis-sbfd-discriminator-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2015 03:06:26 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Summary: ready with nits

I agree with the first paragraph of the Security Considerations, in that
I think it's unlikely that this document introduces security risks for
IS-IS, which as I understand it, effectively transports the proposed
S-BFD discriminators as an uninterpreted opaque payload.

The second paragraph

   Advertisement of the S-BFD discriminators does make it possible for
   attackers to initiate S-BFD sessions using the advertised
   information.  The vulnerabilities this poses and how to mitigate them
   are discussed in the Security Considerations section of [S-BFD].

refers to the Security Considerations of the [S-BFD] base document.  The
[S-BFD] Security Considerations describe some strengthening practices,
but doesn't seem to describe the vulnerabilities in significant detail.
[S-BFD] Security Considerations seems to describe an attack where
someone impersonates the responder, but not one where someone
impersonates an initiator.

Other sections of [S-BFD] might imply the existence of this sort of
vulnerability, but the Security considerations seems not to mention it
explicitly.  I'm not sure whether it's best to leave things alone,
revise this document, or revise [S-BFD].