[secdir] Secdir review of draft-ietf-ospf-multi-instance

Magnus Nyström <magnusn@gmail.com> Mon, 12 December 2011 08:10 UTC

From: Magnus Nyström <magnusn@gmail.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-ospf-multi-instance@tools.ietf.org

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes a method for allowing multiple instances on
the same domain in OSPFv2.

Since the Autype field in OSPFv2 will be halved by this document, one
concern would have been whether there were existing implementations
using Autype values large enough to set bits in the higher octet.
According to the authors this is not the case, and so the risk of
re-use of existing Autype values apparently does not exist.
Conversely, when a router which does not understand this new use of
the Autype field is presented with a packet from a router that is
instance-aware (and uses a non-zero instance-id value) it will not
accept it since it would represent an unknown authentication type. I
would therefore tend to agree with the authors that the introduction
of an InstanceID as part of the previous Autype field should not be a
cause of concern.

Editorial:
- Section 2: Unclear sentence: "In support of this capability, this
document introduces a modified packet header format with the
Authentication Type field is split into an Instance ID and AuType."
(Probably the "is" should be removed/replaced)

- Section 5: Refers to Appendix D but there is no Appendix D.
Presumably the link should be to Appendix D of OSPFv2.

-- Magnus
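The compatibility argument in the review above, as an added illustration that is not part of the reviewer's message or the draft: the same 24-byte OSPFv2 header is read once by a parser that treats the 16-bit field at offset 14 as a single AuType, and once by one that splits it into Instance ID (high octet) and AuType (low octet). The header layout follows RFC 2328 with the split as described in the draft; the Router ID, Area ID and zero checksum are constructed sample values.

```python
import struct

# Authentication types defined for OSPFv2 (RFC 2328 Appendix D).
KNOWN_AUTYPES = {0: "Null", 1: "Simple Password", 2: "Cryptographic"}

# Offset of the former 16-bit AuType field within the 24-byte OSPFv2 header:
# Version(1) Type(1) Length(2) RouterID(4) AreaID(4) Checksum(2) -> 14.
AUTYPE_OFFSET = 14


def build_header(instance_id, autype, router_id=0x0A000001, area_id=0):
    """Constructed sample header (type 1 = Hello, zero checksum, zero
    authentication data).  The Instance ID is placed in the high octet of
    the old 16-bit AuType field, as the draft specifies."""
    if not (0 <= instance_id <= 0xFF and 0 <= autype <= 0xFF):
        raise ValueError("instance_id and autype are single octets")
    autype16 = (instance_id << 8) | autype
    return struct.pack("!BBHIIHHQ", 2, 1, 24, router_id, area_id, 0, autype16, 0)


def legacy_parse(header):
    """A router that predates the split reads the whole 16-bit field as
    the authentication type and rejects anything it does not know."""
    (autype16,) = struct.unpack_from("!H", header, AUTYPE_OFFSET)
    if autype16 not in KNOWN_AUTYPES:
        return {"accepted": False, "autype": autype16,
                "reason": "unknown authentication type"}
    return {"accepted": True, "autype": autype16}


def multi_instance_parse(header):
    """An instance-aware router splits the field into Instance ID and AuType."""
    instance_id, autype = struct.unpack_from("!BB", header, AUTYPE_OFFSET)
    if autype not in KNOWN_AUTYPES:
        return {"accepted": False, "instance_id": instance_id, "autype": autype,
                "reason": "unknown authentication type"}
    return {"accepted": True, "instance_id": instance_id, "autype": autype}


if __name__ == "__main__":
    # Instance 0 is indistinguishable from a pre-split packet; a non-zero
    # instance turns the 16-bit value into an unknown AuType for legacy code.
    for iid in (0, 3):
        hdr = build_header(iid, 2)
        print(iid, legacy_parse(hdr), multi_instance_parse(hdr))
```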