[Lsr] Secdir last call review of draft-ietf-lsr-rfc8919bis-01

2023-05-04 Thread Watson Ladd via Datatracker
Reviewer: Watson Ladd
Review result: Has Issues

Dear all,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of my review is Has Issues. While this document is a pretty
concise and well-written description of a problem and solution, the security
considerations section is pretty perfunctory.

In particular, this document seems to assert that the new extensions can only
be enabled when all routers support them, and not in a link-by-link manner. If
that's the case, then an attacker can enable the new advertisements on a router
and cause problems, while the security considerations section seems to say this is
only per application.

IS-IS is normally within an administrative domain, which does minimize many of
the impacts, but the impacts of an attacker having access aren't completely solved by
authentication, particularly if messages can have effect at large distances.

I think the security considerations section needs some revision in light of
this, either clarifying that IS-IS must be used within a domain, or more attention
paid to thinking about what could go wrong.

Sincerely,
Watson Ladd


___
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr


[Lsr] Secdir last call review of draft-ietf-lsr-ospf-prefix-originator-09

2021-03-19 Thread Watson Ladd via Datatracker
Reviewer: Watson Ladd
Review result: Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready.

This document describes a small extension to OSPF to include
information about the originating router for a prefix, which otherwise
would be lost as the prefix proceeds to be readvertised. This information
is quite useful when determining what is going on under trying circumstances.

Sincerely,
Watson Ladd
