Hi Les!

> -----Original Message-----
> From: Les Ginsberg (ginsberg) [mailto:[email protected]]
> Sent: Wednesday, May 15, 2019 4:22 PM
> To: Roman Danyliw <[email protected]>; The IESG <[email protected]>
> Cc: [email protected]; Christian Hopps
> <[email protected]>; [email protected];
> [email protected]; [email protected]; [email protected]
> Subject: RE: [Lsr] Roman Danyliw's Discuss on
> draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
>
> Roman -
>
> Thanx for the review.
>
> Responses inline.
>
> > -----Original Message-----
> > From: Lsr <[email protected]> On Behalf Of Roman Danyliw via
> > Datatracker
> > Sent: Wednesday, May 15, 2019 12:18 PM
> > To: The IESG <[email protected]>
> > Cc: [email protected]; Christian
> > Hopps <[email protected]>; [email protected];
> > [email protected]; [email protected]; [email protected]
> > Subject: [Lsr] Roman Danyliw's Discuss on
> > draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
> >
> > Roman Danyliw has entered the following ballot position for
> > draft-ietf-isis-segment-routing-extensions-24: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> > Please refer to
> > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-isis-segment-routing-extensions/
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > I need a bit of help understanding how to read the Security
> > Considerations text – threats are identified but how they are
> > mitigated seems implicit.
> > The text, “In general the same types of
> > attacks … However, the latter will be more difficult to detect …”,
> > alludes to a similar threat without a reference and seems to suggest
> > it will be worse in the deployed environment of this extension.
> >
> [Les:] The point being made here is that when MPLS is in use the destinations
> affected by inappropriate/malicious use of a label cannot be directly
> identified as in the case of IP/IPv6 forwarding entries - they require
> further investigation to determine.
> But the result is the same - traffic is misrouted.
>
> > The next paragraph, “Existing security extensions … [RFC5304] and
> > [RFC5310] apply …” states that [RFC5304] and [RFC5310] also apply.
> > What does apply mean here – should they be used? Do they mitigate
> > what’s described in the previous paragraph?
>
> [Les:] The two paragraphs are not directly related. RFC5304/RFC5310 define
> the use of MD5/Cryptographic authentication for IS-IS. Use of these
> extensions is prudent to protect all IS-IS advertisements. Referencing these
> RFCs is standard content for the Security section of almost any IS-IS
> extension.

I was connecting those two paragraphs. I now understand and it is clear in re-reading. Thanks for this explanation. I'll clear the discuss.

> Les
>
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Section 2.3. Typo. s/advertsied/advertised/
> >
> > _______________________________________________
> > Lsr mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/lsr
