ietf
[Top] [All Lists]

Re: [secdir] Secdir review of draft-ietf-isis-trill

2010-12-20 12:51:18
"Donald" == Donald Eastlake <d3e3e3(_at_)gmail(_dot_)com> writes:

    Donald> Hi,
    Donald> On Mon, Dec 20, 2010 at 11:42 AM, Sam Hartman 
<hartmans-ietf(_at_)mit(_dot_)edu> wrote:
    >>>>>>> "Radia" == Radia Perlman <radiaperlman(_at_)gmail(_dot_)com> writes:
    >> 
    >>    Radia> No objections.  Radia
    >> 
    >> 
    >> Can I get someone to confirm that the text in the proposed
    >> sentences is substantially true?  I think so but I'm not an IS-IS
    >> expert.

    Donald> LSPs have sequences number, etc., and are idempotent. I
    Donald> think only Hellos have the potential replay Denial of
    Donald> Service problem. So I would suggest changing to:

    Donald> "Even when the IS-IS authentication is used, replays of
    Donald> Hello packets can create denial-of-service conditaions; see
    Donald> RFC 6039 for details. These issues are similar in scope to
    Donald> those discussed in section 6.2 of
    Donald> draft-ietf-trill-rbridge-protocol, and the same mitigations
    Donald> may apply."

Based on my understanding your correction is accurate; thanks.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf