Re: [secdir] review of draft-ietf-isis-bfd-tlv-02

Stephen Kent <> Mon, 26 July 2010 08:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B7B7B3A6A07 for <>; Mon, 26 Jul 2010 01:14:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.437
X-Spam-Status: No, score=-2.437 tagged_above=-999 required=5 tests=[AWL=0.162, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IO1GhPJXCJX5 for <>; Mon, 26 Jul 2010 01:14:34 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 0837C3A6A53 for <>; Mon, 26 Jul 2010 01:14:34 -0700 (PDT)
Received: from ([]:46598 helo=[]) by with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <>) id 1OdIpq-000Njl-8A; Mon, 26 Jul 2010 04:14:54 -0400
Mime-Version: 1.0
Message-Id: <p06240808c872f28a1b0d@[]>
In-Reply-To: <>
References: <p06240803c870ffec1816@[]> <> <>
Date: Mon, 26 Jul 2010 04:12:16 -0400
To: "Les Ginsberg (ginsberg)" <>
From: Stephen Kent <>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Cc: "Stewart Bryant \(stbryant\)" <>, "Chris Hopps \(chopps\)" <>,, Sam Hartman <>,
Subject: Re: [secdir] review of draft-ietf-isis-bfd-tlv-02
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 26 Jul 2010 08:14:36 -0000

At 12:55 AM -0700 7/26/10, Les Ginsberg (ginsberg) wrote:
>The mechanism introduced by this draft is used to determine when/if to
>use BFD session state as a prerequisite to forming an IS-IS adjacency
>and/or to trigger IS-IS adjacency state transitions. It does not make
>any changes to the operation of BFD itself - which I think your wording
>may unintentionally imply. How about:
>"The TLV defined within this document describes an addition to the IS-IS
>Hello protocol. Inappropriate use of this TLV could prevent an IS-IS
>adjacency from forming or lead to failure to detect bidirectional
>forwarding failures - each of which is a form of denial of service.
>However, a party who can
>manipulate the contents of this TLV is already in a position to create
>such a denial of service by disrupting IS-IS routing in other ways."

That text is much better. I think it is also worth including a 
sentence, as you did later in your message, noting that the use of 
this new TLV in the IS-IS hello exchange is independent of the use of 
authentication for that exchange or for BFD.