
Last Call Review of draft-ietf-karp-isis-analysis-04

Request Review of draft-ietf-karp-isis-analysis
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-07-03
Requested 2015-06-10
Authors Uma Chunduri, Albert Tian, Wenhu Lu
I-D last updated 2015-07-03
Completed reviews Genart Last Call review of -04 by Brian E. Carpenter (diff)
Genart Last Call review of -06 by Brian E. Carpenter (diff)
Secdir Last Call review of -04 by Takeshi Takahashi (diff)
Opsdir Last Call review of -04 by Tina Tsou (Ting ZOU) (diff)
Assignment Reviewer Takeshi Takahashi
State Completed
Request Last Call review on draft-ietf-karp-isis-analysis by Security Area Directorate Assigned
Reviewed revision 04 (document currently at 07)
Result Ready
Completed 2015-07-03
Let me add one more comment here.
We could probably discourage the use of HMAC-MD5, and encourage the use of
the HMAC-SHA family instead.


> -----Original Message-----
> From: Takeshi Takahashi
> Sent: Friday, July 3, 2015 1:10 PM
> Subject: Secdir review of draft-ietf-karp-isis-analysis-04
> Hello,
> I have reviewed this document as part of the security directorate's
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.
> Document editors and WG chairs should treat these comments just like any
> last call comments.
> This document is ready for publication.
> [summary of this document]
> This document analyzes the threats of the IS-IS protocol.
> It first summarizes the current state of the IS-IS protocol, with special
> on key usage and key management (in section 2), and then analyzes the
> gaps in order to identify security requirements (in section 3).
> In the summary of the current state of the protocol (section 2), it
> mentioned the threats of the protocol, i.e. replay attack and spoofing
> for each of the three message types of the IS-IS protocol.
> Section 3 summarizes, organizes, and develops the threat analysis and
> candidate direction to cope with the threats by listing requirements and
> listing related I-D works.
> [minor comment]
> As mentioned in the security consideration section, this draft does not
> any of the existing protocols.
> It thus does not produce any new security concerns.
> So, the security consideration section seems adequate.
> The authors could consider citing RFC 5310 in Section 5, since I feel like
> this draft does not discuss all the content of the consideration section
> the RFC (it does discuss major parts of the section, though).
> Cheers,
> Take