Re: [secdir] Secdir last call review of draft-ietf-lsr-isis-invalid-tlv-02

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Mon, 13 July 2020 22:30 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 861843A08CD; Mon, 13 Jul 2020 15:30:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=HANEGsRd; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=epdkwpoN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZoLbPIz52ybK; Mon, 13 Jul 2020 15:30:40 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0D9E3A0E82; Mon, 13 Jul 2020 15:30:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1426; q=dns/txt; s=iport; t=1594679424; x=1595889024; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=7rOGap/oW6k0nHQC6+Z2k/QleSAHuM6hLTcNTloh8fk=; b=HANEGsRdepWMH9hit0qW1PQvO/w+EIhAAOvm5Lbmi0qRZ2zyxGpT66eP ePw04NRMj2/dNuioQWbSbVlBBPsOQNgYRiVvl4a2nPgkw1aqHZa6xw5LR N2jWbw4lkEPexS0nkaiu7xyBXfhs4NlL4VdEzi4Ptmq5CPTGZC9q1n/VW 0=;
IronPort-PHdr: 9a23:BregxRBBHp+Y8QNPQtHIUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qw01g3SQIPW97Rfhrmev6PhXDkG5pCM+DAHfYdXXhAIwcMRg0Q7AcGDBEG6SZyibyEzEMlYElMw+Xa9PBtOBcDzexvJry764TsbAB6qMw1zK6z8EZLTiMLi0ee09tXTbgxEiSD7b6l1KUC9rB7asY8dho4xJw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BdAQAD4Axf/4cNJK1gHAEBAQEBAQcBARIBAQQEAQFAgTkEAQELAYFRUQeBRy8shDODRgONUZheglMDVQsBAQEMAQEtAgQBAYRMAheCAwIkNwYOAgMBAQsBAQUBAQECAQYEbYVbDIVvAQEBAQMSEREMAQEpDgELBAIBCBEEAQEDAiYCAgIwFQgIAgQBDQUIGoVQAy4BnnQCgTmIYXaBMoMBAQEFhTcYgg4JgQ4qAYJpg1WDaIJLGoFBP4ERQ4JNPoQ/gxQzgi2SQ5IEj118CoJdlGyFDZ8qkWyedAIEAgQFAg4BAQWBaSSBV3AVgyRQFwINjh6DcYpWdDcCBggBAQMJfI9NAQE
X-IronPort-AV: E=Sophos;i="5.75,348,1589241600"; d="scan'208";a="801028813"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 13 Jul 2020 22:30:23 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 06DMUNLK010576 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 13 Jul 2020 22:30:23 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 13 Jul 2020 17:30:23 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 13 Jul 2020 18:30:22 -0400
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 13 Jul 2020 17:30:21 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fZnqBtDcgVzVuOefOX9InyDj3dDumUIu5VBIQyv37ZFn/7uMsEGews8it6Ekbs0myvKBlfxKUOBgxr2rZh7gci+RsLke+XkEXv63hPQMYLiYyftz2D1yu0KKq32HnyAezLTqAuqu3ouMcTHIT8b+SsuL2kTJbj8o9xzLB0a9JCEw+RfcbjDwhfTfjKrTrsqCXajCLLcylug0b7oqFJZR60Aj+XDVbx9S7irgjc55s1h+TQ84LZciBk46GKzsbtSPasWuOU1fck/TFXejhcJqfpZauZuJFtV0r4sBZW6G0BUG0B8tzGNmxlIHGyM+WIV2vMHoltN+Cn0G3Nm8irNnZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7rOGap/oW6k0nHQC6+Z2k/QleSAHuM6hLTcNTloh8fk=; b=Smyb77TciIBb6RPWb0qF/KzLrCaydZ9MnVsf5np9fcyfFri8+d59UYOMzrqcyp2Z5Yesfmc/pwx+oPtUZEMBtCq1Cg/ZLsA6LIyr3LSNIqxeI2KEGLtxisdoKAsbRcpU0tiqZPlItDXAAZ8QSjUESXF3gMtb0Kq3vd4hSniU+t3L/uyUh13sUJtH+1TonuvUW5g9Ji90RgMdLdkq6m4kP8kOlrpl6BmBEE1+jHignMlh1rgQ0wbGj+kopREw5X0pbGhJLwF+L2hLkf34/bKvVGhASiLDvk/2TVnrfdozM0wRLIbBKjW+e01g5MvrlgfSA2TLnGeyj9PL+LT6t/uKFw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7rOGap/oW6k0nHQC6+Z2k/QleSAHuM6hLTcNTloh8fk=; b=epdkwpoNFgHKuTLDRA1JFiTiGE//JP4r8TVCG844KdFT8ghQRZRGlbM605VUaurJjdbNrmM1k17hX4pdSOwmzepn/uq6WVjhjLRmcFoquluTt+cln9/hsKpOqGR/3iAHPLq5R8O4isxcd6smfd69huXSvktlz59DmvDGoV4Aeg0=
Received: from BY5PR11MB4337.namprd11.prod.outlook.com (2603:10b6:a03:1c1::14) by BYAPR11MB3096.namprd11.prod.outlook.com (2603:10b6:a03:8f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.23; Mon, 13 Jul 2020 22:30:20 +0000
Received: from BY5PR11MB4337.namprd11.prod.outlook.com ([fe80::744b:761f:b385:f1e2]) by BY5PR11MB4337.namprd11.prod.outlook.com ([fe80::744b:761f:b385:f1e2%7]) with mapi id 15.20.3174.025; Mon, 13 Jul 2020 22:30:20 +0000
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: Leif Johansson <leifj@sunet.se>, "secdir@ietf.org" <secdir@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>, "draft-ietf-lsr-isis-invalid-tlv.all@ietf.org" <draft-ietf-lsr-isis-invalid-tlv.all@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-lsr-isis-invalid-tlv-02
Thread-Index: AQHWWVfsnZyRgjLKgEmXsLXDFodjIakGF59w
Date: Mon, 13 Jul 2020 22:30:19 +0000
Message-ID: <BY5PR11MB4337F1052C7E00C8243C75FFC1600@BY5PR11MB4337.namprd11.prod.outlook.com>
References: <159467367745.10834.16297254494468289081@ietfa.amsl.com>
In-Reply-To: <159467367745.10834.16297254494468289081@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: sunet.se; dkim=none (message not signed) header.d=none;sunet.se; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2602:306:36ca:6640:5564:b1a9:c304:c47b]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 003a3977-6ac1-4cfe-7404-08d8277c5375
x-ms-traffictypediagnostic: BYAPR11MB3096:
x-microsoft-antispam-prvs: <BYAPR11MB3096920728132503835AB063C1600@BYAPR11MB3096.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uKplmcUATici3RpQsBBT7L5NXJusi0d3QVLE6yLZd1ALomSPPoWf5mcK3c2x9f/TyJxknioECaoQgxMhns3ECOnH9UbDwPG172MT50sPdbH/V/mMXPEPKh9RdaDJoLA3ZTWoUqpRZazAY6xZp1T+FmM4Y1gyuJtkMKyxqG4gf5dsQ069CGu3NQA7Q1nb65+wHaF0PC7oPCsYnA/3Hua6X9FVmcIi97LyoeV8lwLl4S0GZS2dlnq5RjAlrzlJwBZKiIQ/iF5c+pAsyZazqREyI/Z6TS58l75tCudMQo+Ypg4vbzxUFgnk2I1NYkbgJjZitQqxdb403U+W56/xf4OS+g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4337.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(376002)(396003)(136003)(346002)(39860400002)(4326008)(9686003)(55016002)(186003)(316002)(86362001)(4744005)(8936002)(5660300002)(83380400001)(52536014)(8676002)(64756008)(66446008)(66946007)(33656002)(66556008)(76116006)(66476007)(478600001)(110136005)(54906003)(7696005)(71200400001)(2906002)(6506007)(53546011); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: sOI4mDOxSHGoDyc1MASJWLzhrSzbIi90isDSaz3OCD6VlvHIBtk2bs2vxK4UZKQXKZ3R+x3EOCWYEGFX0mo8ZvJUkPJTtcblW38N10qIsK1B9HbcWJ7kgrjDsG+ys/XyiA+Wu8HTYXU+EOwBdIL0CtVX4g07eqUVKppKTmniq4/TO2wSpKE22gap+5xdl0Kay3a2EdLVYSVfL3ZUX2PD19WIwXza15xF6jMr5RPi9HTVQiUO2Rf74hdwm3vc7UEUt1AzuAXEKo+hj43gTOdx4mL+fgAiDTieg1T0CiPRq56tzGQm/jQsRWFQZM2FDSDGKcTFuZqYR9RASqdDgu/mU4V4sCVmvtgkBGLZUwtnG/FTTsjUIPeiWSUnELsNuIc9bjcFZPri39zzJXqBCOAT+lgVP/uSuRh7kh1iMQOqzFHtCYpGVsjdR7iLLbG0dX36JsfgwqzW1m3d0eVHW1w1qbKhS2E1Y2aRF3w4ihM/EZZqi9XWblbkok8dFKQv4JK+TfU1J8aKcO6hdtrKDsvTRlnhsapISqlz+eixOSPFO9kaaeVgiMnfwe6XmHPxr4xP
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4337.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 003a3977-6ac1-4cfe-7404-08d8277c5375
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2020 22:30:20.0100 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: M+7Qfb5wuTJVpTK/oU40nDbzARSwGaAQ+5QW8ylV9rChGcIGD1NxquE6iTqBkEup9BCfEETlnNhxqzShEKRupQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3096
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zZ-Bazf1zlhW5bislbbK6dwyJaI>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lsr-isis-invalid-tlv-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 22:30:42 -0000

Leif -

Thanx for your review.

   Les

> -----Original Message-----
> From: Leif Johansson via Datatracker <noreply@ietf.org>
> Sent: Monday, July 13, 2020 1:55 PM
> To: secdir@ietf.org
> Cc: last-call@ietf.org; lsr@ietf.org; draft-ietf-lsr-isis-invalid-tlv.all@ietf.org
> Subject: Secdir last call review of draft-ietf-lsr-isis-invalid-tlv-02
> 
> Reviewer: Leif Johansson
> Review result: Ready
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> The subject matter is outside my area of expertise but addressing the
> obvious attack vector related to authenticated purge messages seems
> like a good catch.
> 
> The document is well written and clearly describes what registries
> and documents are updated.
>