[secdir] secdir review of draft-ietf-isis-genapp

Radia Perlman <radiaperlman@gmail.com> Mon, 09 August 2010 21:57 UTC

To: draft-ietf-isis-genapp@tools.ietf.org, iesg@ietf.org, secdir@ietf.org

This document is about using the reliable flooding mechanism of IS-IS
to advertise information for applications unrelated to IS-IS in a way
that doesn't use up "T" values in the TLV encoding.

So, since it's just syntax, there really aren't any security considerations.

It would have been nice if the authors explained what "V" "I" "D" and
"S" mean in the context of the flags, as in, what word is "V" the
first letter of, what word is "I" the first letter of...

Unless I missed it in the spec, the authors just give rules like:

                 D bit (0x02): When the GENINFO TLV is leaked from
                 level-2 to level-1, the D bit MUST be set. Otherwise
                 this bit MUST be clear. GENINFO TLVs with the D bit set
                 MUST NOT be leaked from level-1 to level-2. This is to
                 prevent TLV looping.

                 I bit (0x04): When the I bit is set the 4 octet IPv4
                 address associated with the application immediately
                 follows the Application ID.

Radia
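
Added example, not part of the original message or of the draft: a Python sketch of the two flag rules quoted above, showing how the D bit stops a GENINFO TLV from looping between levels and how the I bit changes the value layout. The 2-octet Application ID width, the function names and the sample bytes are assumptions made for illustration; only the D (0x02) and I (0x04) values come from the quoted text.

```python
import ipaddress
import struct

# Flag values quoted in the review from the draft.
D_BIT = 0x02  # set when the TLV is leaked level-2 -> level-1
I_BIT = 0x04  # a 4-octet IPv4 address follows the Application ID

APP_ID_LEN = 2  # ASSUMPTION: the Application ID width is not stated on this page


def parse_geninfo_value(value: bytes) -> dict:
    """Parse flags, Application ID and the optional IPv4 address from a TLV value."""
    if len(value) < 1 + APP_ID_LEN:
        raise ValueError("GENINFO value too short for flags + Application ID")
    flags = value[0]
    (app_id,) = struct.unpack_from("!H", value, 1)
    offset = 1 + APP_ID_LEN
    ipv4 = None
    if flags & I_BIT:
        if len(value) < offset + 4:
            raise ValueError("I bit set but IPv4 address is truncated")
        ipv4 = ipaddress.IPv4Address(value[offset:offset + 4])
        offset += 4
    return {"flags": flags, "app_id": app_id, "ipv4": ipv4, "rest": value[offset:]}


def leak(value: bytes, src_level: int, dst_level: int):
    """Return the value to advertise at dst_level, or None if leaking is forbidden."""
    parse_geninfo_value(value)  # reject malformed input before re-advertising it
    flags = value[0]
    if (src_level, dst_level) == (2, 1):
        return bytes([flags | D_BIT]) + value[1:]  # D MUST be set on the way down
    if (src_level, dst_level) == (1, 2):
        if flags & D_BIT:
            return None  # came from level-2 already: MUST NOT go back up
        return value  # D is clear and stays clear
    raise ValueError("leaking is only defined between level-1 and level-2")


# Constructed sample: flags = I, Application ID 0x0001, 192.0.2.1, two data octets.
SAMPLE = bytes([I_BIT]) + b"\x00\x01" + bytes([192, 0, 2, 1]) + b"\xaa\xbb"
```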