[secdir] secdir review of draft-ietf-isis-ieee-aq-03

"Richard L. Barnes" <rbarnes@bbn.com> Tue, 18 January 2011 23:25 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4129028C145; Tue, 18 Jan 2011 15:25:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.72
X-Spam-Level:
X-Spam-Status: No, score=-102.72 tagged_above=-999 required=5 tests=[AWL=-0.121, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYhzXR4bvrU3; Tue, 18 Jan 2011 15:25:16 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 6D91828C13C; Tue, 18 Jan 2011 15:25:16 -0800 (PST)
Received: from [192.1.255.181] (port=49662 helo=col-raltmann-l1.nira.bbn.com) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.71 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1PfKxu-000CMu-NJ; Tue, 18 Jan 2011 18:27:54 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1082)
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <188D3671-05E9-40A2-9498-24BAE91B269E@bbn.com>
Date: Tue, 18 Jan 2011 18:27:53 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <4153935A-E8EE-4775-BEAE-3E695CDB0C5C@bbn.com>
References: <188D3671-05E9-40A2-9498-24BAE91B269E@bbn.com>
To: secdir@ietf.org, The IESG <iesg@ietf.org>
X-Mailer: Apple Mail (2.1082)
Subject: [secdir] secdir review of draft-ietf-isis-ieee-aq-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2011 23:25:17 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a set of additional sub-TLVs for IS-IS that enable IS-IS nodes to communicate information related to the IEEE 802.1aq Shortest Path Bridging system. 
The Security Considerations section of the document claims that these extensions do not create any additional security risks.

This may be the case, but I found it difficult to evaluate this claim given a basic knowledge of IS-IS and none of 802.1aq.  My high-level impression is that the negotiations conducted through the mechanism defined in this document have the ability to affect layer-2 routing in new ways, with the implication that malicious actors in the protocol have new ways to influence traffic patterns or deny service to users.  

It would be helpful if the Security Considerations could explain why such manipulations are not possible using these extensions (which would seem to defeat the purpose of the extensions), or if they are, what assumptions need to be true in order for the protocol to operate properly.  Do all internal network elements need to behave as specified?  Only the SPB instances?

--Richard