> On Jan 31, 2024, at 19:56, Roman Danyliw via Datatracker <[email protected]> wrote:
>
> Roman Danyliw has entered the following ballot position for
> draft-ietf-lsr-ospfv3-extended-lsa-yang-28: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-lsr-ospfv3-extended-lsa-yang/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> ** Section 5.
>
>    Write
>    operations (e.g., edit-config) to these data nodes without proper
>    protection can have a negative effect on network operations.  These
>    are the subtrees and data nodes and their sensitivity/vulnerability:
>
>    /ospf:ospf/extended-lsa-support
>    /ospf:ospf/ospf:areas/ospf:area/extended-lsa-support
>    The ability to disable OSPFv3 Extended LSA support can result in a
>    denial of service.
>
> Isn’t it more than just denial of service? In certain environments wouldn’t
> the ability to modify OSPF Extended LSA configurations enable an attacker to:
> modify network topologies to enable select traffic to avoid inspection or
> treatment by security controls; route traffic in a way that it would be
> subject to inspection/modification by an adversary node; or gain access to
> otherwise segregated parts of the network.

Only if they were able to craft extended LSAs on behalf of the original as well as modify the YANG configuration added by this document. I didn’t think we’d have to reiterate all the possible protocol attacks for every incremental enhancement.

Acee

>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> As an editorial note, I would have benefited from some narrative prose on the
> data model.
>
>

_______________________________________________
Lsr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lsr
