Last Call Review of draft-ietf-isis-extended-sequence-no-tlv-04
review-ietf-isis-extended-sequence-no-tlv-04-opsdir-lc-brownlee-2015-03-28-00

Request Review of draft-ietf-isis-extended-sequence-no-tlv
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-04-08
Requested 2015-03-21
Authors Uma Chunduri, Wenhu Lu, Albert Tian, Naiming Shen
I-D last updated 2015-03-28
Completed reviews Genart Last Call review of -05 by Christer Holmberg (diff)
Genart Telechat review of -06 by Christer Holmberg
Secdir Last Call review of -04 by Adam W. Montville (diff)
Opsdir Last Call review of -04 by Nevil Brownlee (diff)
Assignment Reviewer Nevil Brownlee
State Completed
Request Last Call review on draft-ietf-isis-extended-sequence-no-tlv by Ops Directorate Assigned
Reviewed revision 04 (document currently at 06)
Result Has nits
Completed 2015-03-28
Hi all:

I have reviewed this document as part of the Operational directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
operational area directors.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Overall, it seems fine to me.

Abstract:
  "This document defines Extended Sequence number TLV to protect
   Intermediate System to Intermediate System (IS-IS) PDUs from replay
   attacks."

Draft addresses Security concerns raised by the use of IS-IS in
Data Centre environments, and by the use of SDN in Data Centres.

"This document defines Extended Sequence number (ESN) TLV to protect
Intermediate System to Intermediate System (IS-IS) PDUs from replay
attacks."

I presume that the ESSN will be given a random (but non-zero) value when the
router boots up, then increments from there?  This is covered in
detail in Appendix A, but perhaps a forward reference to that in
section 3 would be helpful.

Section 5 on Backward Compatibility and Deployment seems clear
to me, and should help Operators to use this new feature.

Cheers, Nevil
Co-chair, EMAN WG

--
---------------------------------------------------------------------
 Nevil Brownlee                    Computer Science Department | ITS
 Phone: +64 9 373 7599 x88941             The University of Auckland
 FAX: +64 9 373 7453   Private Bag 92019, Auckland 1142, New Zealand