[secdir] secdir review of draft-ietf-ospf-security-extension-manual-keying-09

"Shaun Cooley (shcooley)" <shcooley@cisco.com> Tue, 28 October 2014 00:30 UTC

From: "Shaun Cooley (shcooley)" <shcooley@cisco.com>
To: "draft-ietf-ospf-security-extension-manual-keying.all@tools.ietf.org" <draft-ietf-ospf-security-extension-manual-keying.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Tue, 28 Oct 2014 00:30:32 +0000
Message-ID: <187A7B1DA239514F9146FC78B19AADE3502CD38A@xmb-aln-x10.cisco.com>
References: <187A7B1DA239514F9146FC78B19AADE3502CD332@xmb-aln-x10.cisco.com>
In-Reply-To: <187A7B1DA239514F9146FC78B19AADE3502CD332@xmb-aln-x10.cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/cRLue8hqRrZmbhHfgaNpBdikd74

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document addresses both inter-session and intra-session replay attacks when using manual keying for OSPFv2 by changing the sequence numbers to be 64-bit, with the most significant 32 bits being a boot count and the least significant 32 bits being an increasing sequence number.  The document also changes the Apad constant to match the source address of the IP header in order to extend the authenticated data and prevent source address spoofing.

The document was well written and I very much appreciated the redline style approach to the draft.

I consider this document ready for publication.

-Shaun
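The two mechanisms the review summarises (64-bit boot-count/counter sequence numbers and a source-address-derived Apad), as an added Python example that is not part of this post or of the draft. The Apad layout (source address repeated to the digest length), the use of HMAC-SHA-256, the key and the packet bytes are assumptions constructed for illustration.

```python
import hmac
import hashlib
import ipaddress

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA-256 (assumed algorithm)

def make_sequence(boot_count, counter):
    """64-bit sequence number: boot count in the high 32 bits,
    increasing per-session counter in the low 32 bits."""
    return ((boot_count & 0xFFFFFFFF) << 32) | (counter & 0xFFFFFFFF)

def apad_for_source(src_ip):
    """Apad derived from the IP source address.
    Assumption: the 4-byte address is repeated to fill the digest length."""
    addr = ipaddress.IPv4Address(src_ip).packed
    return (addr * (DIGEST_LEN // 4 + 1))[:DIGEST_LEN]

def auth_digest(key, ospf_body, src_ip):
    """HMAC over the OSPF packet with Apad standing in for the digest field,
    so the IP source address becomes part of the authenticated data."""
    return hmac.new(key, ospf_body + apad_for_source(src_ip), hashlib.sha256).digest()

def verify(key, ospf_body, src_ip, digest):
    return hmac.compare_digest(auth_digest(key, ospf_body, src_ip), digest)

class ReplayState:
    """Highest accepted 64-bit sequence number per neighbor."""
    def __init__(self):
        self.last_seen = {}

    def accept(self, neighbor, seq64):
        last = self.last_seen.get(neighbor)
        if last is not None and seq64 <= last:
            return False  # intra-session (same counter) or inter-session (old boot) replay
        self.last_seen[neighbor] = seq64
        return True

def replay_scenario():
    """Constructed packet stream from one neighbor: a repeated counter, a reboot,
    then a packet captured before the reboot replayed after it."""
    state = ReplayState()
    results = []
    for boot, ctr in [(1, 1), (1, 2), (1, 2), (1, 3), (2, 1), (1, 3)]:
        results.append(state.accept("10.0.0.2", make_sequence(boot, ctr)))
    return results  # -> [True, True, False, True, True, False]

def spoof_scenario():
    """Same authenticated packet checked against the real and a spoofed source address."""
    key = b"constructed-manual-key"
    body = b"\x02\x01\x00\x2c\x0a\x00\x00\x02" + b"\x00" * 36  # constructed OSPF header bytes
    digest = auth_digest(key, body, "10.0.0.2")
    return verify(key, body, "10.0.0.2", digest), verify(key, body, "10.0.0.9", digest)
```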