Re: [secdir] Secdir review of draft-ietf-karp-isis-analysis-04
"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 03 July 2015 13:39 UTC
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: draft-ietf-karp-isis-analysis.all@tools.ietf.org
Date: Fri, 03 Jul 2015 22:39:47 +0900
Cc: karp-chairs@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-karp-isis-analysis-04

Let me add one more comment here.
We could probably discourage the use of HMAC-MD5, and encourage the use of HMAC-SHA family instead.

Take

> -----Original Message-----
> From: Takeshi Takahashi [mailto:takeshi_takahashi@nict.go.jp]
> Sent: Friday, July 3, 2015 1:10 PM
> To: 'draft-ietf-karp-isis-analysis.all@tools.ietf.org'
> Cc: 'iesg@ietf.org'; 'secdir@ietf.org'; 'karp-chairs@tools.ietf.org'
> Subject: Secdir review of draft-ietf-karp-isis-analysis-04
>
> Hello,
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.
> Document editors and WG chairs should treat these comments just like any other
> last call comments.
>
> This document is ready for publication.
>
> [summary of this document]
>
> This document analyzes the threats of IS-IS protocol.
> It first summarizes the current state of the IS-IS protocol, with special focus
> on key usage and key management (in section 2), and then analyzes the security
> gaps in order to identify security requirements (in section 3).
>
> In the summary of the current state of the protocol (section 2), it already
> mentioned the threats of the protocol, i.e. replay attack and spoofing attack,
> for each of the three message types of IS-IS protocol.
> Section 3 summarizes, organizes, and develops the threat analysis and provides
> candidate direction to cope with the threats by listing requirements and by
> listing related I-D works.
>
> [minor comment]
>
> As mentioned in the security consideration section, this draft does not modify
> any of the existing protocols.
> It thus does not produce any new security concerns.
> So, the security consideration section seems adequate.
> The authors could consider citing RFC 5310 in Section 5, since I feel that
> this draft does not discuss all the content of the consideration section of
> the RFC (it does discuss major parts of the section, though).
>
> Cheers,
> Take