Management Information Base for Intermediate System to Intermediate System (IS-IS)
RFC 4444

[Ballot comment]
W.r.t. the Security Considerations Section.
After we saw the comment from the GEN-ART review, there was
continued discussion between the MIB doctors if that section
needed to elaborate and list the speicific objects with their
specific vulnerabilities. In total there are some 64 writable
objects that may need discussion (either separate or in chuncks).

Russ has taken a DISCUSS on that and I think that the MIB doctors
have rough consensus that it would be BETTER if indeed some more
detail was given. Even if all 64 objects have the same sensitivity,
even then it would be good to make such an explicit statement. But
it is not clear that they indeed all have the same sensistivity and
would all cause the same type of harm if changed in an unauthorized
manner.

[Ballot discuss]
The Overview in Section 2 says:
  >
  > This document is provided to the IETF working group on IS-IS.
  >
  Isn't this an output of the IS-IS WG?

  The Security Considerations in Section 7 says:
  >
  > There are a number of management objects defined in this MIB that
  > have a MAX-ACCESS clause of read-write and/or read-create.  Such
  > objects may be considered sensitive or vulnerable in some network
  > environments.
  >
  and
  >
  > Since the MIB controls a device which routes  packets, all
  > writeable attributes have the potential to disrupt network
  > operations if improperly modified and may require protection
  > against unauthorized write access.
  >
  Which managed objects?  What are the consequences (besides denial
  of service) should these managed objects be set to inappropriate
  values?  For example, can any of these managed objects cause
  traffic to be routed in an unexpected manner to aid eavesdropping?

[Ballot comment]
(From Gen-ART review by David Black)

- Section 2, Overview:

  This document is provided to the IETF working group on IS-IS.  It
  describes a management information base for the IS-IS Routing
  protocol as described in ISO 10589 [ISO10589], when it is used to
  construct routing tables for IP networks, as described in RFC 1195
  [RFC1195].

Remove first sentence (will no longer be appropriate when this is
published as an RFC0, and rephrase second to "This document describes ...".

- Section 6, Acknowledgements:

Was an extra "r" added to Chris Gunner's name?

- Section 7, Security Considerations

This is ok in its current form, although it would be improved with
references to specific MIB tables/objects, even as examples of how
uncontrolled write access could cause problems.  The references are
not essential, as the threat of uncontrolled write access is both
obvious and compelling as described.

IANA Last Call Comments:
Upon approval of this document the IANA will assign a mib-2 number for isisMIB. This registration will be made in the mib-2 numbers registry found at:
http://www.iana.org/assignments/smi-numbers