Re: [secdir] Security directorate review of draft-ietf-lsr-yang-isis-reverse-metric-04
"Acee Lindem (acee)" <acee@cisco.com> Mon, 15 November 2021 22:21 UTC
Return-Path: <acee@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 489D33A0BCC; Mon, 15 Nov 2021 14:21:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.599
X-Spam-Level:
X-Spam-Status: No, score=-9.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=CsF23V0I; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=p3bu0H/8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GWBTn94HVEZ2; Mon, 15 Nov 2021 14:21:19 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70E753A0BC8; Mon, 15 Nov 2021 14:21:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1984; q=dns/txt; s=iport; t=1637014879; x=1638224479; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=GGOjYLs7gt180L2ofvJUC6usvgYSwQZXroVOm2Jh2s8=; b=CsF23V0IncOxxhWaVdWhD0I0Yp304dmdHn8ZLRnBwWWedh0RU+UdGl8u lH/Jyyf5biDNlDSvLl+wedir75Y/wrpl/QUlL31el2wf4u66G16RcZF+r FtJpgzdsD29VNBCBsmPqV5yELMCWn/WFPeuiTbkXCO9mWaQzC8yy9NoE2 A=;
IronPort-PHdr: A9a23:hIvZQRy2BSeu1l3XCzPZngc9DxPP8534PQ8Qv5wgjb8GMqGu5I/rM0GX4/JxxETIUoPW57Mh6aLWvqnsVHZG7cOHt3YPI5BJXgUO3MMRmQFoCcWZCEr9efjtaSFyHMlLWFJ/uX+hNk0AE8flbFqUqXq3vlYv
IronPort-Data: A9a23:xViL26+UCBJ3tOumk+pwDrUDdnyTJUtcMsCJ2f8bNWPcYEJGY0x3zDEeXz3Qa/iDYDPyetolYIS+9x4GsZ/dndI2QQs9/39EQiMRo6IpJzg2wmQcns+qw0aqoHtPt63yUfGdapBrJpPgjk31aOG49CAhjfvgqofUUYYoBAggHWeIdw954f5Ts7ZRbr9A2bBVMSvU0T/Bi5W31Gue5tJBGjl8B5RvB/9YlK+aVDsw5jTSbB3Q1bPUvyF94Jk3fcldI5ZkK7S4ENJWR86bpF241mrd+xFoAdS/n/OrNEYLWbXVewOJjxK6WYD73UME/XJ0i/19baZFAatUo23hc9RZwd5AuLS7SBwiOevHn+F1vxxwQnwkYfMdoOSWSZS4mYnJp6HcSFPg2fxgEAQ3MJEWv+JsGyRf/PoXbTEWbwvGne+ozaigR6xpi9g5LcKtNYcbknBt0T+fCuwpKbjYTq7G5MVw3TosiIZJB/m2T8sUcjVHbRncbVtIIFh/IJI/mO6yh3TXayBCsFaYvrYt7mHQigd21dDQ3HD9EjCRbcxRmkDdrWXc8iGpRBobL9eYjzGC9xqRaib0tXuTcOov+HeQr5aGWGGu+1E=
IronPort-HdrOrdr: A9a23:nwVg/qxPuF/911e1fJtHKrPxfOgkLtp133Aq2lEZdPULSK2lfpGV8sjziyWatN9IYgBepTiBUJPwJk81bfZOkMks1MSZLXfbUQyTXcJfBOrZsnzd8kjFltK1up0QCJSWZOeAaGSSyPyKnDVQcOxQguVvkprY/9s2pk0FJWoBBs0QjHYaNu/YKDwKeOAsP+teKHPo3Ls+m9PWQwVvUi3UPAhgY8Hz4/nw0L72ax8PABAqrCOUiymz1bL8Gx+Emj8DTjJm294ZgC34uj28wp/mn+Cwyxfa2WOWxY9RgsHdxtxKA9HJotQJKw/rlh2jaO1aKvm/VXEO0aaSAWQR4YDxSiQbTpxOArTqDzqISC7Wqk/dOfAVmiXfIBGj8CbeSIfCNUMH4oJ69PJkm13imhYdVBUW6tMU44pf3KAnUi8o1R6NleQhHXtR5zmJiGtnnugJg3NFV4wCLLdXsIwE5UtQVIwNBSTg9ekcYaVT5eznlbxrmGmhHj3kV6hUsaqRd2V2Gg3DTlkJu8ST3TQTlHdlz1EAzMhamnsb7poyR5RN+uyBa81T5f9zZ95Tabg4CPYKQMOxBGCISRXQMHiKKVCiEK0cIXrCp5P+/b1w7uC3f54Dyoc0hf36IRxlnH93f1irBdyF3ZVN/ByISGKhXS71wsUb/JR9sq2UfsuhDcRCciFnryKNmYRqPiTrYYf7BHsNOY6XEYLHI/c/4zHD
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CmCACB3JJh/40NJK1agQmBWYFSUQeBUTcxhEeDRwOFOYUOgwKbD4JTA1QLAQEBDQEBQQQBAYUEAheCSwIlNwYOAQIEAQEBEgEBBQEBAQIBBgSBEROFaA2GQwIBAxIREQwBATcBDwIBCBoCJgICAjAVEAIEAQ0FIoJPglYDLwFQn1cBgToCih96gTGBAYIIAQEGBASFChiCNQmBECqDDIQchwQnHIINgRQBJwwQgmc+h103gi6QQDYBAxSBIIEDLwIXlW+pIAqDOZ8CBS2nLJYUH6VkAgQCBAUCDgEBBoEwRyWBWXAVZQGCPlEZD44sFoNQil50OAIGAQoBAQMJkgwBAQ
X-IronPort-AV: E=Sophos;i="5.87,237,1631577600"; d="scan'208";a="952463039"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 15 Nov 2021 22:21:17 +0000
Received: from mail.cisco.com (xbe-aln-005.cisco.com [173.36.7.20]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 1AFMLHWe031886 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Mon, 15 Nov 2021 22:21:17 GMT
Received: from xfe-aln-004.cisco.com (173.37.135.124) by xbe-aln-005.cisco.com (173.36.7.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Mon, 15 Nov 2021 16:21:17 -0600
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xfe-aln-004.cisco.com (173.37.135.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Mon, 15 Nov 2021 16:21:16 -0600
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Mon, 15 Nov 2021 16:21:16 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EaUH4YIGlkmGlD9Gic7OuG/j3DWzVKofdoJQARzbfiYweB4CpJa91m6Wt1MwdcycGuAt6Yh6ws14Ijk93mPkdNi8plXsQlyYFxee4GlXUsm43a9E1iWlP6Wov8UokkeHsgqveYdZ9hPlfrwOdO44DUyTpyLMH2ylxbAke69vY3hUxkGzQ/d7Mhuv5S24KSPZkPYoRhG9FjlAIApOTS03KLFzMwAhTFAFqVJqj7AHEUyfOyTw5L7YGOmMKDLzT7D3LGkb4RsbO7t3nSKX2T1hG05vWO6gcGyewAWcoL2rOK326ZJexIU+62ZFHwEWr0T+4sukGq5CYtUS70WnpqKFww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GGOjYLs7gt180L2ofvJUC6usvgYSwQZXroVOm2Jh2s8=; b=iXAwCDIjKcBxFDqKrnHtgSRkSWA62wbygy85e4Vp3joXG4WMWBdKUSdvGStyLGskz6JBtg11vktZH+ls4s+Kfa4eEBr/Nztyt6KlMwrERrxROmI4EnVzUtsRq+RxkO2yiTWDJY5GG1rQKbEAfSkM5QvD9on+k/QZGjgKThBAd4NyIQ9OrNoJjC0M5RGY9H9u1GBOepefnPi+/rFJ7vXnSZNlXCXRIbG4KtUMT5e64mave5wzeqDiUwltxyr11V7wSO8c8KGcpTdTYBniOUgDEECnUR1YHPLNuhHGks64SdJNsz4DC8hGO2ZhW9AhxVuxMREXtOENl67N8gWvzVIj/g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GGOjYLs7gt180L2ofvJUC6usvgYSwQZXroVOm2Jh2s8=; b=p3bu0H/8W5Abmj7f7FMOzHOr+m3r7/Zh60njjpf+FhGXgcH3PTvzKaLlEpbTm4USpsv1YNb8oGG58ksztu5XijnburAJ6sBs1sOkt0P4Z6bSC1oFjCbK25Ae9KnSbVKvIPDKDZzI2cLi5K5Sr++SDDVlW38vcb3zeVWxxDyvvpo=
Received: from BL0PR11MB2884.namprd11.prod.outlook.com (2603:10b6:208:72::25) by BL0PR11MB3123.namprd11.prod.outlook.com (2603:10b6:208:7b::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Mon, 15 Nov 2021 22:21:13 +0000
Received: from BL0PR11MB2884.namprd11.prod.outlook.com ([fe80::a5ed:5b5b:79ad:9c67]) by BL0PR11MB2884.namprd11.prod.outlook.com ([fe80::a5ed:5b5b:79ad:9c67%7]) with mapi id 15.20.4690.027; Mon, 15 Nov 2021 22:21:11 +0000
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Hilarie Orman <hilarie@purplestreak.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-lsr-yang-isis-reverse-metric.all@ietf.org" <draft-ietf-lsr-yang-isis-reverse-metric.all@ietf.org>
Thread-Topic: Security directorate review of draft-ietf-lsr-yang-isis-reverse-metric-04
Thread-Index: AQHX2kzCTzlE/Fo62k+xv/gbtNjlyKwE1cKA
Date: Mon, 15 Nov 2021 22:21:11 +0000
Message-ID: <355CA216-A282-4391-BB46-DB27C637CA50@cisco.com>
References: <202111151813.1AFIDQkh002872@rumpleteazer.rhmr.com>
In-Reply-To: <202111151813.1AFIDQkh002872@rumpleteazer.rhmr.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.54.21101001
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6ed92a00-1c53-41a7-9308-08d9a8863ade
x-ms-traffictypediagnostic: BL0PR11MB3123:
x-microsoft-antispam-prvs: <BL0PR11MB31230F8EE387395C9CC69F3FC2989@BL0PR11MB3123.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RMICThvnHYO5u6PsWZKGKEhMQCkBvMUEJw1dhS9FCEMb/LHcOHINPSyNAwXYVKvVQTvGZraxBPV4l1JyCxMifoGK3kXN0yOQbla5SVPx6k/Cp0PE2Gx7FHFU/93C9pZ/SOCPFhj6hcaHB6Ytce5LYKv74hOaRHWprM9OWPMzXDSNhx1mX2RkrFQ1jTd5VAJc4w60rete/J49X7x6viNG//jxOdSyCIVD2jgPkpQVHZLv0ItjT572SVbME3k+Ptqpf47fM1m+B9Tyw3AYdYNDDL9RISYcquL9gjzKMumDNhMVncpvfUArBnaBkP+PpHa8ydRV7c7OR/evMI8HEMxUmp61DWZDYZI7Ty6lfpP9ZGefYs1jd+a9upGWh1V21AVMJPzVwOdAGF8OSD2vqoiJOkkAr0n/BsbjnGxYRD4w7kfT+3SaKeAafcwRtkBBlvLwy7nxGx9ZVQ0TFN5GUKCh/hzaIAhSzoC5KDlDxCjGafNIlWDIeZlUOrcvdtYlFjvkVL0gZQ9TEvIQSp2Ov4bZr1uaS5vy39WBJCSjdZlE7eXHiedmH6bwohHZBaEkF0t5pm8yLmz76ma2RA77iLYNbE6UfbSbwD0169F1wKpcO+R6T56nsqOyRsLUVOptPHNhV3J4hZ3q7WFjXa+q6nfwFWtlYxn0iUTvq4jg8vwyZI94ppSGFd11oaI+Jwm+SCiBfHM0DZrynq2ZBdeRhVfV80nW4oZp2MkqJaImPRd1yqYgwp9zWqInXUDNuCiOv36J
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR11MB2884.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(110136005)(38070700005)(36756003)(66476007)(26005)(186003)(76116006)(71200400001)(316002)(508600001)(6486002)(15650500001)(91956017)(2906002)(6512007)(66946007)(8676002)(2616005)(38100700002)(64756008)(5660300002)(33656002)(66446008)(83380400001)(6506007)(4326008)(8936002)(66556008)(86362001)(122000001)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: eMLuuAZGB6T6/DR0N9fsSkTBpC43VwsW/x5VhjEAENFOmj+D/Ze5FxMOHFufMfIhG1Xzd6Bve0Ahp7WgBny+g/+x+1qMe5Pxka1i6TF9KaYTC8dGKLvZ7wHpEyvl6GUMyZZ+UK9YKM/cXrbRx2O8YMZ3juRGia+jhkyHOR+pAQJ20M4BlObovBq+H/wjq/KoSpdQA94FQjaEYTBbzyDXqiO6e3MpSCkbRtqB65xanCvI4b7eyJdY8Ss1LzQWGhihfnK0+H8Ud3YSwhf1bGT+KGIt/mrkAwLcBC9wzflyJB191RqyFQVIoWn6mGDzsT1Mas+RjG/6tS+5+N7IvOONd4kvwNuU4rbXy2YVckwmH1N+deUoA9TOQ8ql49++8aUbVAqAcnCr+X8Fh/Dm8PSLbw9eTlNLckf/7nBcl9hMOqr826ETBatBgRp1CDqYhR0ORKZdVg/cqNkfSexLkFMWFznez6kfnJM/pWD8EVWi450jI9oMyxMrB5LI3wgz7ARkgj6lcAbE0+sZId1GbmOQGw8r+ABrgvbZFYBRgDRffxU9zbjPXWWNhN/qLHBDF1pYZbOmy2edJgpRSnM/NO76wRiQu/HkEarKAKUldqBVbR4HC3eU5meViVTMAVYDVIXP4sCan2ToeD94MRgucPvJKTICKVjlTa7WFZaA1JE9cIw1zLOIlfpup2AQwu78SFqJunfGSKuxx+J83yecBvhGfOeLuQtrxImqSZR41EQo6dagUeg/12nvp/cT4Ighdy10SeeWngiTRoyXZ10LbMmmRrwagtsDCNhCT00SSbc+umJt2nGJHfqqT1Os0Sb9b8v9s618SS20JgRDh9rXK1LnLuSwiQCNXalTZSC0xchAKSnzJ7A1VRp8R/Y0re3ErNHyHme5ZI+x/3zFfp0DpoMEuWtOosR8h0D5c2PMq050MKsSKQCJAd7LpYo6OwwGQ1tm1F+U6n8Pb80HpjPq5UkAi2AQX+78XuMDwIw7aGmkj9oWTWgrFy/DbiRJ1sM21dqG/zEKCijX5FkeGUIM7mdAOcYXmNb/83moIi9o7sBokLwDfo9AF/8dCU2A2gVNE4iHFA6h0oD6vwEHYeo8LeMEKpcldFvIiFR9QH/brahhBGXy4OyHVGkxQ+8y/+SU25MMD0LnScfQEYjIoD5Di4cXf3DR5LxAktudH2NCkkO3xjOfgA014FiYRw1sJOgvC5aLob3BAnGS3+VdvV5vYZOz0bGh6OdJl2GXGJA1NJSJckaWHKFr/jBsld7UoLO9eNFj59zbkGb/nCf18F79o7LXqT5aDXIBBpF0Pgt1MkVqGe/xOXjSQstNbPDfkaqoRtwwjbDb7WmCxh2J0FcYhsT+S5pWlvnF3Sh3zx2pXFQMBcJ7VtQdegrsqZAT/pES5PJDYHnEzlYzxYhwMK67/KAyLT8llGRkUAYx8l4zi3ge1HgB3puvl9vn+zXmUa7oXmGm9B4pKRv840iXhypUvKvHgYdkNXuXMqdVnWLWsEdBEt6M4qHYEP6BmJ4hBUN47a3Tc0QWzNrlJ1GMGILxlW6thv1K8rsuv8l3uxKGw+cTY3Q=
Content-Type: text/plain; charset="utf-8"
Content-ID: <4A47C6D74EC881469E5B631A85780F05@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR11MB2884.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6ed92a00-1c53-41a7-9308-08d9a8863ade
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2021 22:21:11.4925 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2gvJiMzZPUp6CasNhlzOv1QxkEGITAVtMenyowFW+q5sY1QDq93cR5UQ43D1/xJl
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB3123
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.20, xbe-aln-005.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/JHeMZqK_b8PaaERzmAi0G__U_d4>
Subject: Re: [secdir] Security directorate review of draft-ietf-lsr-yang-isis-reverse-metric-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 22:21:34 -0000
Speaking as Document Shepherd: Hi Hilarie, On 11/15/21, 1:15 PM, "Hilarie Orman" <hilarie@purplestreak.com> wrote: Security review of YANG Module for IS-IS Reverse Metric draft-ietf-lsr-yang-isis-reverse-metric-04 Do not be alarmed. I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. The abstract (with typo noted): This document defines a YANG module for managing the reverse metric extension to the Intermediate System to Intermediate System intra- domain routeing information exchange protocol (IS-IS). ^ The spelling error seems to have been copied from ISO Standard 10589:2002. There's no need to continue propagating it. This could be said for many things in IS-IS but that has never dissuaded us. __ Thanks, Acee The draft has a decent discussion of security considerations regarding the privacy of the information expressed in the data. The document is READY. Hilarie
- [secdir] Security directorate review of draft-iet… Hilarie Orman
- Re: [secdir] Security directorate review of draft… Acee Lindem (acee)