Hi Les, Robert and Alvaro,

Thanks for Les' proposed text. I'll update it accordingly.

B.R.
Bing

> -----Original Message-----
> From: Robert Sparks [mailto:rjsparks@xxxxxxxxxxx]
> Sent: Tuesday, April 11, 2017 1:36 AM
> To: Alvaro Retana (aretana); Les Ginsberg (ginsberg); Liubing (Leo); gen-art@xxxxxxxx
> Cc: draft-ietf-isis-auto-conf.all@xxxxxxxx; ietf@xxxxxxxx; isis-wg@xxxxxxxx
> Subject: Re: Genart last call review of draft-ietf-isis-auto-conf-04
>
> +1
>
> On 4/10/17 1:32 PM, Alvaro Retana (aretana) wrote:
> > Works for me!
> >
> > Thanks!
> >
> > Alvaro.
> >
> > On 4/10/17, 10:34 AM, "Les Ginsberg (ginsberg)" <ginsberg@xxxxxxxxx> wrote:
> >
> > Bing/Robert/Alvaro -
> >
> > Here is the existing text of the Security Section:
> >
> > "In general, the use of authentication is incompatible with
> > auto-configuration as it requires some manual configuration.
> >
> > For wired deployment, the wired connection itself could be considered
> > as an implicit authentication in that unwanted routers are usually
> > not able to connect (i.e. there is some kind of physical security in
> > place preventing the connection of rogue devices); for wireless
> > deployment, the authentication could be achieved at the lower
> > wireless link layer."
> >
> > Proposed revision:
> >
> > "In the absence of cryptographic authentication it is possible for an
> > attacker to inject a PDU falsely indicating there is a duplicate
> > system-id. This may trigger automatic restart of the protocol using the
> > duplicate-id resolution procedures defined in this document.
> >
> > Note that the use of authentication is incompatible with
> > auto-configuration as it requires some manual configuration.
> >
> > For wired deployment, the wired connection itself could be considered
> > as an implicit authentication in that unwanted routers are usually
> > not able to connect (i.e. there is some kind of physical security in
> > place preventing the connection of rogue devices); for wireless
> > deployment, the authentication could be achieved at the lower
> > wireless link layer."
> >
> > ???