[secdir] Secdir review of draft-ietf-karp-isis-analysis-04
"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 03 July 2015 04:09 UTC
Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B22B51B2B3B; Thu, 2 Jul 2015 21:09:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.598
X-Spam-Level:
X-Spam-Status: No, score=0.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUfyly_BRqrS; Thu, 2 Jul 2015 21:09:38 -0700 (PDT)
Received: from ns2.nict.go.jp (ns2.nict.go.jp [IPv6:2001:df0:232:300::2]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2970A1A9250; Thu, 2 Jul 2015 21:09:38 -0700 (PDT)
Received: from gw2.nict.go.jp (gw2.nict.go.jp [133.243.18.251]) by ns2.nict.go.jp with ESMTP id t6349aUU022953; Fri, 3 Jul 2015 13:09:36 +0900 (JST)
Received: from TakeVaioVJP13 (vrrp.ssh.nict.go.jp [133.243.3.48] (may be forged)) by gw2.nict.go.jp with ESMTP id t6349Zt5022937; Fri, 3 Jul 2015 13:09:35 +0900 (JST)
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: draft-ietf-karp-isis-analysis.all@tools.ietf.org
Date: Fri, 03 Jul 2015 13:09:44 +0900
Message-ID: <005801d0b546$17c06f90$47414eb0$@nict.go.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdC1RZp1NKJ94rslRLaB6U6NutZdxQ==
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.98.5 at zenith2
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/_sHLiRPiI7oedsBbxyhz6T2h2t8>
Cc: karp-chairs@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: [secdir] Secdir review of draft-ietf-karp-isis-analysis-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jul 2015 04:09:39 -0000
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is ready for publication. [summary of this document] This document analyzes the threats of IS-IS protocol. It first summarizes the current state of the IS-IS protocol, with special focus on key usage and key management (in section 2), and then analyzes the security gaps in order to identify security requirements (in section 3). In the summary of the current state of the protocol (section 2), it already mentioned the threats of the protocol, i.e. replay attack and spoofing attack, for each of the three message types of IS-IS protocol. Section 3 summarizes, organizes, and develops the threat analysis and provides candidate direction to cope with the threats by listing requirements and by listing related I-D works. [minor comment] As mentioned in the security consideration section, this draft does not modify any of the existing protocols. It thus does not produce any new security concerns. So, the security consideration section seems adequate. The authors could consider citing RFC 5310 in Section 5, since I feel like that this draft does not discuss all the content of the consideration section of the rfc (it does discuss major parts of the section, though). Cheers, Take
- [secdir] Secdir review of draft-ietf-karp-isis-an… Takeshi Takahashi
- Re: [secdir] Secdir review of draft-ietf-karp-isi… Takeshi Takahashi
- Re: [secdir] Secdir review of draft-ietf-karp-isi… Uma Chunduri
- Re: [secdir] Secdir review of draft-ietf-karp-isi… Takeshi Takahashi