Roman - Thanx for the review.
Responses inline.

> -----Original Message-----
> From: Lsr <[email protected]> On Behalf Of Roman Danyliw via Datatracker
> Sent: Wednesday, May 15, 2019 12:18 PM
> To: The IESG <[email protected]>
> Cc: [email protected]; Christian Hopps <[email protected]>; [email protected]; [email protected]; [email protected]; [email protected]
> Subject: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
>
> Roman Danyliw has entered the following ballot position for
> draft-ietf-isis-segment-routing-extensions-24: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-isis-segment-routing-extensions/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> I need a bit of help understanding how to read the Security Considerations text
> – threats are identified but how they are mitigated seems implicit. The text,
> “In general the same types of attacks … However, the latter will be more
> difficult to detect …”, alludes to a similar threat without a reference and
> seems to suggest it will be worse in the deployed environment of this
> extension.
>

[Les:] The point being made here is that when MPLS is in use the destinations affected by inappropriate/malicious use of a label cannot be directly identified as in the case of IP/IPv6 forwarding entries - they require further investigation to determine. But the result is the same - traffic is misrouted.

> The next paragraph, “Existing security extensions … [RFC5304] and [RFC5310]
> apply …” states that [RFC5304] and [RFC5310] also apply. What does apply mean
> here – should they be used? Do they mitigate what’s described in the previous
> paragraph?

[Les:] The two paragraphs are not directly related. RFC5304/RFC5310 define the use of MD5/Cryptographic authentication for IS-IS. Use of these extensions is prudent to protect all IS-IS advertisements. Referencing these RFCs is standard content for the Security section of almost any IS-IS extension.

   Les

>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Section 2.3. Typo. s/advertsied/advertised/
>
>
> _______________________________________________
> Lsr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/lsr
