Re: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)

2019-06-05 Thread Roman Danyliw
Hi Les!

> -----Original Message-----
> From: Les Ginsberg (ginsberg) [mailto:ginsb...@cisco.com]
> Sent: Wednesday, May 15, 2019 4:22 PM
> To: Roman Danyliw ; The IESG 
> Cc: draft-ietf-isis-segment-routing-extensi...@ietf.org; Christian Hopps
> ; uma.chund...@huawei.com;
> aretana.i...@gmail.com; lsr-cha...@ietf.org; lsr@ietf.org
> Subject: RE: [Lsr] Roman Danyliw's Discuss on
> draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
> 
> Roman -
> 
> Thanx for the review.
> 
> Responses inline.
> 
> > -----Original Message-----
> > From: Lsr  On Behalf Of Roman Danyliw via
> > Datatracker
> > Sent: Wednesday, May 15, 2019 12:18 PM
> > To: The IESG 
> > Cc: draft-ietf-isis-segment-routing-extensi...@ietf.org; Christian
> > Hopps ; uma.chund...@huawei.com;
> > aretana.i...@gmail.com; lsr-cha...@ietf.org; lsr@ietf.org
> > Subject: [Lsr] Roman Danyliw's Discuss on
> > draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
> >
> > Roman Danyliw has entered the following ballot position for
> > draft-ietf-isis-segment-routing-extensions-24: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-isis-segment-routing-extensions/
> >
> >
> >
> > --
> > DISCUSS:
> > --
> >
> > I need a bit of help understanding how to read the Security
> > Considerations text – threats are identified but how they are
> > mitigated seems implicit.  The text, “In general the same types of
> > attacks … However, the latter will be more difficult to detect …”,
> > alludes to a similar threat without a reference and seems to suggest
> > it will be worse in the deployed environment of this extension.
> >
> [Les:] The point being made here is that when MPLS is in use the destinations
> affected by inappropriate/malicious use of a label cannot be directly
> identified as in the case of IP/IPv6 forwarding entries - they require
> further investigation to determine.
> But the result is the same - traffic is misrouted.
> 
> > The next paragraph, “Existing security extensions … [RFC5304] and
> > [RFC5310] apply …” states that [RFC5304] and [RFC5310] also apply.
> > What does apply mean here – should they be used?  Do they mitigate
> > what’s described in the previous paragraph?
> 
> [Les:] The two paragraphs are not directly related. RFC5304/RFC5310 define
> the use of MD5/Cryptographic authentication for IS-IS. Use of these
> extensions is prudent to protect all IS-IS advertisements. Referencing these
> RFCs is standard content for the Security section of almost any IS-IS
> extension.

I was connecting those two paragraphs.  I now understand and it is clear in 
re-reading.  Thanks for this explanation.  I'll clear the discuss.

>Les
> 
> >
> >
> > --
> > COMMENT:
> > --
> >
> > Section 2.3.  Typo.  s/advertsied/advertised/
> >
> >
> > ___
> > Lsr mailing list
> > Lsr@ietf.org
> > https://www.ietf.org/mailman/listinfo/lsr


Re: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)

2019-05-15 Thread Les Ginsberg (ginsberg)
Roman -

Thanx for the review.

Responses inline.

> -----Original Message-----
> From: Lsr  On Behalf Of Roman Danyliw via
> Datatracker
> Sent: Wednesday, May 15, 2019 12:18 PM
> To: The IESG 
> Cc: draft-ietf-isis-segment-routing-extensi...@ietf.org; Christian Hopps
> ; uma.chund...@huawei.com;
> aretana.i...@gmail.com; lsr-cha...@ietf.org; lsr@ietf.org
> Subject: [Lsr] Roman Danyliw's Discuss on
> draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
> 
> Roman Danyliw has entered the following ballot position for
> draft-ietf-isis-segment-routing-extensions-24: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-isis-segment-routing-extensions/
> 
> 
> 
> --
> DISCUSS:
> --
> 
> I need a bit of help understanding how to read the Security Considerations
> text – threats are identified but how they are mitigated seems implicit.  The
> text, “In general the same types of attacks … However, the latter will be more
> difficult to detect …”, alludes to a similar threat without a reference and
> seems to suggest it will be worse in the deployed environment of this
> extension.
> 
[Les:] The point being made here is that when MPLS is in use the destinations 
affected by inappropriate/malicious use of a label cannot be directly 
identified as in the case of IP/IPv6 forwarding entries  - they require further 
investigation to determine.
But the result is the same - traffic is misrouted.

> The next paragraph, “Existing security extensions … [RFC5304] and [RFC5310]
> apply …” states that [RFC5304] and [RFC5310] also apply.  What does apply
> mean here – should they be used?  Do they mitigate what’s described in the
> previous paragraph?

[Les:] The two paragraphs are not directly related. RFC5304/RFC5310 define the 
use of MD5/Cryptographic authentication for IS-IS. Use of these extensions is 
prudent to protect all IS-IS advertisements. Referencing these RFCs is standard 
content for the Security section of almost any IS-IS extension.

   Les

> 
> 
> --
> COMMENT:
> --
> 
> Section 2.3.  Typo.  s/advertsied/advertised/
> 
> 
___
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr
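
The RFC 5304 HMAC-MD5 authentication mentioned in the reply above, as an added example that is not part of the thread or the draft: it signs and verifies an IS-IS LSP so that an advertisement altered after signing is rejected. The sample LSP, the key and TLV type 250 (a placeholder carrying a label value) are constructed for illustration, and the LSP checksum is left at zero rather than computed.

```python
import hashlib, hmac, struct

AUTH_TLV, AUTH_HMAC_MD5 = 10, 54   # RFC 5304: Authentication TLV, HMAC-MD5 type
LSP_HDR_LEN = 27                   # 8-byte common header + 19-byte LSP header
DEMO_TLV = 250                     # constructed placeholder, not a real codepoint

def find_digest(pdu):
    """Offset of the 16-byte digest in the HMAC-MD5 auth TLV, or None."""
    i = LSP_HDR_LEN
    while i + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[i], pdu[i + 1]
        if i + 2 + tlv_len > len(pdu):
            return None                          # truncated TLV: treat as unauthenticated
        if tlv_type == AUTH_TLV and tlv_len == 17 and pdu[i + 2] == AUTH_HMAC_MD5:
            return i + 3
        i += 2 + tlv_len
    return None

def lsp_digest(pdu, key, off):
    """HMAC-MD5 over the LSP with digest, Remaining Lifetime and Checksum zeroed."""
    buf = bytearray(pdu)
    buf[off:off + 16] = bytes(16)
    buf[10:12] = b"\x00\x00"                     # Remaining Lifetime (changes in transit)
    buf[24:26] = b"\x00\x00"                     # Checksum
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def sign_lsp(pdu, key):
    off = find_digest(pdu)
    if off is None:
        raise ValueError("no HMAC-MD5 authentication TLV")
    return pdu[:off] + lsp_digest(pdu, key, off) + pdu[off + 16:]

def verify_lsp(pdu, key):
    off = find_digest(pdu)
    return off is not None and hmac.compare_digest(
        pdu[off:off + 16], lsp_digest(pdu, key, off))

def build_sample_lsp(label):
    """Constructed level-2 LSP: empty auth TLV plus a placeholder TLV with a label."""
    tlvs = bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + bytes(16)
    tlvs += bytes([DEMO_TLV, 3]) + label.to_bytes(3, "big")
    common = bytes([0x83, LSP_HDR_LEN, 1, 0, 20, 1, 0, 0])
    lsp_id = bytes.fromhex("0000000000010000")
    fixed = struct.pack("!HH8sIHB", LSP_HDR_LEN + len(tlvs), 1200, lsp_id, 1, 0, 3)
    return common + fixed + tlvs

if __name__ == "__main__":
    key = b"constructed-demo-key"
    good = sign_lsp(build_sample_lsp(16001), key)
    forged = good[:-1] + bytes([good[-1] ^ 1])   # label altered after signing
    print(verify_lsp(good, key), verify_lsp(forged, key))
```

Because Remaining Lifetime is zeroed before hashing, an LSP whose lifetime was decremented in transit still verifies, while any change to a TLV does not.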


[Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)

2019-05-15 Thread Roman Danyliw via Datatracker
Roman Danyliw has entered the following ballot position for
draft-ietf-isis-segment-routing-extensions-24: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-isis-segment-routing-extensions/



--
DISCUSS:
--

I need a bit of help understanding how to read the Security Considerations text
– threats are identified but how they are mitigated seems implicit.  The text,
“In general the same types of attacks … However, the latter will be more
difficult to detect …”, alludes to a similar threat without a reference and
seems to suggest it will be worse in the deployed environment of this extension.

The next paragraph, “Existing security extensions … [RFC5304] and [RFC5310]
apply …” states that [RFC5304] and [RFC5310] also apply.  What does apply mean
here – should they be used?  Do they mitigate what’s described in the previous
paragraph?


--
COMMENT:
--

Section 2.3.  Typo.  s/advertsied/advertised/

