[secdir] review of draft-ietf-isis-bfd-tlv-02

Stephen Kent <kent@bbn.com> Sat, 24 July 2010 20:44 UTC

To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Cc: ginsberg@cisco.com, dward@juniper.com, stbryant@cisco.com, chopps@cisco.com

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This is a very brief (8-page) document that is generally well 
written. It defines a TLV (an acronym not defined in the document, 
but I'm guessing type-length-value) value for use in IS-IS, for 
bidirectional forwarding detection (BFD). The abstract says that this 
TLV is needed because, in some scenarios, IS-IS fails to detect a 
forwarding plane failure based on BFD as described in 
[ietf-bfd-generic]. Section 2 of this (the reviewed) document 
describes a class of scenarios in which the BFD mechanism cited above 
would not work properly, thus motivating the proposal contained here. 
The simple solution proposed here is for a router to advertise its 
ability to perform BFD on an interface via its IS-IS IIH (an acronym 
not defined in the document), hence the need to define this TLV.  My 
biggest complaint with the document overall is that it uses several 
acronyms without first defining them, an easy problem to fix.

The Security Considerations section is just one paragraph, which 
states that the addition of this feature does not adversely affect 
the security mechanism (sic) of IS-IS. I'm not questioning this 
assertion, based on reading this document, but I think a couple of 
additional sentences are needed here, to justify the assertion.