On 20/12/2010 18:43, Donald Eastlake wrote:
Hi,
On Mon, Dec 20, 2010 at 11:42 AM, Sam Hartman<hartmans-ietf@xxxxxxx> wrote:
"Radia" == Radia Perlman<radiaperlman@xxxxxxxxx> writes:
Radia> No objections. Radia
Can I get someone to confirm that the text in the proposed sentences is
substantially true?
I think so but I'm not an IS-IS expert.
LSPs have sequences number, etc., and are idempotent. I think only
Hellos have the potential replay Denial of Service problem. So I would
suggest changing to:
"Even when the IS-IS
authentication is used, replays of Hello packets can create
denial-of-service conditaions; see RFC 6039 for details. These issues
are similar in scope to those discussed in section 6.2 of
draft-ietf-trill-rbridge-protocol, and the same mitigations may apply."
Thanks,
Donald
... as I recall from discussions with the ISIS WG the changes that were
made to ISIS for TRILL make it more vulnerable to a hello attack than
vanilla ISIS. This I understand is because there is more work to be done
in processing a TRILL hello. Is that correct?
- Stewart
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf