[secdir] Secdir review of draft-ietf-karp-isis-analysis-04

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 03 July 2015 04:09 UTC

From: "Takeshi Takahashi" <takeshi_takahashi@nict.go.jp>
To: <draft-ietf-karp-isis-analysis.all@tools.ietf.org>
Cc: karp-chairs@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Date: Fri, 3 Jul 2015 13:09:44 +0900
Message-ID: <005801d0b546$17c06f90$47414eb0$@nict.go.jp>
Subject: [secdir] Secdir review of draft-ietf-karp-isis-analysis-04
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/_sHLiRPiI7oedsBbxyhz6T2h2t8>

Hello,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.
Document editors and WG chairs should treat these comments just like any
other last call comments.

This document is ready for publication.

[summary of this document]

This document analyzes the threats to the IS-IS protocol.
It first summarizes the current state of the IS-IS protocol, with special
focus on key usage and key management (in Section 2), and then analyzes the
security gaps in order to identify security requirements (in Section 3).

In the summary of the current state of the protocol (Section 2), it already
mentions the threats to the protocol, i.e., replay attacks and spoofing
attacks, for each of the three message types of the IS-IS protocol.
Section 3 summarizes, organizes, and develops the threat analysis and
provides candidate directions to cope with the threats by listing
requirements and by listing related I-D work.

[minor comment]

As mentioned in the Security Considerations section, this draft does not
modify any of the existing protocols.
It thus does not produce any new security concerns.
So, the Security Considerations section seems adequate.
The authors could consider citing RFC 5310 in Section 5, since I feel that
this draft does not discuss all the content of the Security Considerations
section of that RFC (it does discuss major parts of the section, though).

Cheers,
Take