
Last Call Review of draft-ietf-karp-isis-analysis-04
review-ietf-karp-isis-analysis-04-secdir-lc-takahashi-2015-07-03-00

Request
  Review of: draft-ietf-karp-isis-analysis
  Requested revision: No specific revision (document currently at 07)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2015-07-03
  Requested: 2015-06-10
  Authors: Uma Chunduri, Albert Tian, Wenhu Lu
  I-D last updated: 2015-07-03
  Completed reviews:
    Genart Last Call review of -04 by Brian E. Carpenter
    Genart Last Call review of -06 by Brian E. Carpenter
    Secdir Last Call review of -04 by Takeshi Takahashi
    Opsdir Last Call review of -04 by Tina Tsou (Ting ZOU)
Assignment
  Reviewer: Takeshi Takahashi
  State: Completed
  Request: Last Call review on draft-ietf-karp-isis-analysis by Security Area Directorate (Assigned)
  Reviewed revision: 04 (document currently at 07)
  Result: Ready
  Completed: 2015-07-03
review-ietf-karp-isis-analysis-04-secdir-lc-takahashi-2015-07-03-00
Let me add one more comment here.
We could probably discourage the use of HMAC-MD5, and encourage the use of
HMAC-SHA family instead.

Take

> -----Original Message-----
> From: Takeshi Takahashi [mailto:takeshi_takahashi@nict.go.jp]
> Sent: Friday, July 3, 2015 1:10 PM
> To: 'draft-ietf-karp-isis-analysis.all@tools.ietf.org'
> Cc: 'iesg@ietf.org'; 'secdir@ietf.org'; 'karp-chairs@tools.ietf.org'
> Subject: Secdir review of draft-ietf-karp-isis-analysis-04
>
> Hello,
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.
> Document editors and WG chairs should treat these comments just like any other
> last call comments.
>
> This document is ready for publication.
>
> [summary of this document]
>
> This document analyzes the threats of the IS-IS protocol.
> It first summarizes the current state of the IS-IS protocol, with special focus
> on key usage and key management (in section 2), and then analyzes the security
> gaps in order to identify security requirements (in section 3).
>
> In the summary of the current state of the protocol (section 2), it already
> mentioned the threats of the protocol, i.e. replay attack and spoofing attack,
> for each of the three message types of the IS-IS protocol.
> Section 3 summarizes, organizes, and develops the threat analysis and provides
> candidate direction to cope with the threats by listing requirements and by
> listing related I-D works.
>
> [minor comment]
>
> As mentioned in the security consideration section, this draft does not modify
> any of the existing protocols.
> It thus does not produce any new security concerns.
> So, the security consideration section seems adequate.
> The authors could consider citing RFC 5310 in Section 5, since I feel that
> this draft does not discuss all the content of the consideration section of
> the RFC (it does discuss major parts of the section, though).
>
> Cheers,
> Take
>