Re: [secdir] Secdir review of draft-ietf-karp-isis-analysis-04
Uma Chunduri <uma.chunduri@ericsson.com> Mon, 06 July 2015 19:55 UTC
From: Uma Chunduri <uma.chunduri@ericsson.com>
To: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>, "draft-ietf-karp-isis-analysis.all@tools.ietf.org" <draft-ietf-karp-isis-analysis.all@tools.ietf.org>
Date: Mon, 06 Jul 2015 19:55:32 +0000
Message-ID: <1B502206DFA0C544B7A60469152008633F749A8C@eusaamb105.ericsson.se>
References: <006f01d0b595$baae8b20$300ba160$@nict.go.jp>
In-Reply-To: <006f01d0b595$baae8b20$300ba160$@nict.go.jp>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Y-m8Msn1xcMvImt641FhSSqf30Y>
Cc: "karp-chairs@tools.ietf.org" <karp-chairs@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-karp-isis-analysis-04

Hi Take,

Thanks for your review and comments.

Shall address both your comments in the next update i.e.,

a. Ref. to 5310 in Section 4
b. Shall recommend usage of RFC 5310 instead of RFC 5304 (HMAC-MD5)

"In view of openly published attack vectors, as noted in Section 1 of [RFC5310] on HMAC-MD5 cryptographic authentication mechanism, IS-IS deployments SHOULD use HMAC-SHA family [RFC5310] instead of HMAC-MD5 [RFC5304] for protecting IS-IS PDUs."

Please suggest if the above is sufficient to address #b (or happy to consider better text).

Thx!
--
Uma C.

-----Original Message-----
From: Takeshi Takahashi [mailto:takeshi_takahashi@nict.go.jp]
Sent: Friday, July 03, 2015 6:40 AM
To: draft-ietf-karp-isis-analysis.all@tools.ietf.org
Cc: iesg@ietf.org; secdir@ietf.org; karp-chairs@tools.ietf.org
Subject: RE: Secdir review of draft-ietf-karp-isis-analysis-04

Let me add one more comment here.
We could probably discourage the use of HMAC-MD5, and encourage the use of HMAC-SHA family instead.

Take

> -----Original Message-----
> From: Takeshi Takahashi [mailto:takeshi_takahashi@nict.go.jp]
> Sent: Friday, July 3, 2015 1:10 PM
> To: 'draft-ietf-karp-isis-analysis.all@tools.ietf.org'
> Cc: 'iesg@ietf.org'; 'secdir@ietf.org'; 'karp-chairs@tools.ietf.org'
> Subject: Secdir review of draft-ietf-karp-isis-analysis-04
>
> Hello,
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors. Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> This document is ready for publication.
>
> [summary of this document]
>
> This document analyzes the threats of IS-IS protocol.
> It first summarizes the current state of the IS-IS protocol, with special
> focus on key usage and key management (in section 2), and then analyzes the
> security gaps in order to identify security requirements (in section 3).
>
> In the summary of the current state of the protocol (section 2), it already
> mentioned the threats of the protocol, i.e. replay attack and spoofing
> attack, for each of the three message types of IS-IS protocol.
> Section 3 summarizes, organizes, and develops the threat analysis and
> provides candidate direction to cope with the threats by listing
> requirements and by listing related I-D works.
>
> [minor comment]
>
> As mentioned in the security consideration section, this draft does not
> modify any of the existing protocols.
> It thus does not produce any new security concerns.
> So, the security consideration section seems adequate.
> The authors could consider citing RFC 5310 in Section 5, since I feel like
> that this draft does not discuss all the content of the consideration
> section of the rfc (it does discuss major parts of the section, though).
>
> Cheers,
> Take
>
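The recommendation discussed in the thread (RFC 5310 HMAC-SHA authentication in place of RFC 5304 HMAC-MD5) as an added, illustrative receiver-side check; this is not code from the draft or its authors. It assumes a simplified constructed PDU layout (an 8-octet common header followed directly by the TLV area) and does not model the LSP checksum/remaining-lifetime zeroing step of the RFC; the key table, secrets and PDU bytes are constructed for the example.

```python
import hashlib
import hmac

# RFC 5310: Authentication TLV type 10, authentication type 3 (generic cryptographic
# authentication: 2-octet Key ID then the HMAC), Apad = 0x878FE1F3 repeated; RFC 5304
# used authentication type 54 for HMAC-MD5.
AUTH_TLV, AUTH_CRYPTO, AUTH_HMAC_MD5 = 10, 3, 54
APAD = bytes.fromhex("878FE1F3")
HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}
# Constructed simplification: an 8-octet common header followed directly by the TLV
# area; the LSP checksum/remaining-lifetime zeroing step of the RFC is not modelled.
HDR_LEN = 8

def apad(n):
    return (APAD * (n // 4 + 1))[:n]

def sign_pdu(body, key_id, keys):
    """Append an Authentication TLV; keys maps Key ID -> (secret, hash name)."""
    secret, alg = keys[key_id]
    n = HASHES[alg]().digest_size
    head = bytes([AUTH_TLV, 3 + n, AUTH_CRYPTO]) + key_id.to_bytes(2, "big")
    # The HMAC covers the whole PDU with Apad standing in for the digest field.
    mac = hmac.new(secret, body + head + apad(n), HASHES[alg]).digest()
    return body + head + mac

def verify_pdu(pdu, keys):
    """Return (ok, reason). An HMAC-MD5 TLV is rejected outright, never checked."""
    off = HDR_LEN
    while off + 2 <= len(pdu) and pdu[off] != AUTH_TLV:
        off += 2 + pdu[off + 1]
    if off + 2 > len(pdu):
        return False, "no Authentication TLV"
    length, value = pdu[off + 1], pdu[off + 2:off + 2 + pdu[off + 1]]
    if value[:1] == bytes([AUTH_HMAC_MD5]):
        return False, "HMAC-MD5 (RFC 5304) not accepted"
    if len(value) != length or length < 3 or value[0] != AUTH_CRYPTO:
        return False, "unsupported or malformed Authentication TLV"
    key_id = int.from_bytes(value[1:3], "big")
    if key_id not in keys:
        return False, "unknown Key ID %d" % key_id
    secret, alg = keys[key_id]
    n = HASHES[alg]().digest_size
    if length != 3 + n:
        return False, "digest length does not match configured algorithm"
    start = off + 5  # first octet of the received digest
    unsigned = pdu[:start] + apad(n) + pdu[start + n:]
    expected = hmac.new(secret, unsigned, HASHES[alg]).digest()
    if not hmac.compare_digest(expected, pdu[start:start + n]):
        return False, "HMAC mismatch"
    return True, "ok"
```

The hash algorithm is not carried in the PDU; as in RFC 5310 it is bound to the Key ID in local configuration, so a digest of the wrong length for the configured algorithm is rejected before any HMAC is computed.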