[Last-Call] Secdir last call review of draft-ietf-lsr-rfc8919bis-01

Reviewer: Watson Ladd
Review result: Has Issues

Dear all,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of my review is Has Issues. While this document is a pretty
concise and well-written description of a problem and solution, the security
considerations section is pretty perfunctory.

In particular, this document seems to assert that the new extensions can only
be enabled when all routers support them, and not in a link-by-link manner. If
that's the case, then an attacker can enable the new advertisements on a router
and cause problems, while the security considerations section seems to say this is
only per application.

IS-IS is normally within an administrative domain, which does minimize many of the impacts,
but the impact of an attacker having access isn't completely solved by authentication,
particularly if messages can have effect at large distances.

I think the security considerations section needs some revision in light of this,
either clarifying that IS-IS must be used within a domain, or more attention paid
to thinking about what could go wrong.

Sincerely,
Watson Ladd


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


