Skip to main content

Last Call Review of draft-ietf-isis-auto-conf-04
review-ietf-isis-auto-conf-04-genart-lc-sparks-2017-04-07-00

Request Review of draft-ietf-isis-auto-conf
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2017-04-10
Requested 2017-03-22
Authors Bing Liu , Les Ginsberg , Bruno Decraene , Ian Farrer , Mikael Abrahamsson
I-D last updated 2017-04-07
Completed reviews Secdir Last Call review of -04 by Radia Perlman (diff)
Opsdir Last Call review of -04 by Will (Shucheng) LIU (diff)
Genart Last Call review of -04 by Robert Sparks (diff)
Assignment Reviewer Robert Sparks
State Completed
Request Last Call review on draft-ietf-isis-auto-conf by General Area Review Team (Gen-ART) Assigned
Reviewed revision 04 (document currently at 05)
Result Ready w/issues
Completed 2017-04-07
review-ietf-isis-auto-conf-04-genart-lc-sparks-2017-04-07-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-isis-auto-conf-04
Reviewer: Robert Sparks
Review Date: 2017-04-07
IETF LC End Date: 2017-04-10
IESG Telechat date: 2017-04-13

Summary: Ready for publication as Proposed Standard, but with 
one possible thing to add to the security consideration section

This document is clear and seems straightforward to implement. 

I think, however, there is an attack possibility you should call out 
in the security considerations section. As home routers are used 
as examples of elements that might use this protocol, consider 
the case of a malicious party wanting to deny service in that home.
A suborned device in the home could watch for the protocol, and
present a crafted packet to force the home router(s) to re-start
the autoconfiguration protocol continually (by claiming to be a
duplicate and being careful to make it the routers job to restart).
Having the md5 password configured would mitigate this attack.