Hi, Les,
On Wed, Dec 5, 2018 at 6:52 PM Les Ginsberg (ginsberg) <ginsberg@xxxxxxxxx> wrote:
Yoshi -
Thanx for taking the time to review.
I can appreciate that this may the first time you have looked at RFC7810 - let alone the bis draft. As a result you have commented on content which is common to the bis draft and the RFC it is modifying (RFC 7810).
While your questions in isolation may be interesting, I believe they are out of scope for the review of the bis draft. What the bis draft is doing is addressing two modest errata - details of which can be found in https://tools.ietf.org/html/draft-ietf-lsr-isis-rfc7810bis-03#appendix-A
Comments on content not related to those changes is out of scope.
If you have an interest in this topic and want to comment on the substance of RFC 7810 and its companion document for OSPF RFC 7471, I encourage you to do so. Note that all of your comments (save the one on Security) are also applicable to RFC 7471 - so any agreed upon modification would need to be made to both documents. But I do not want to even start discussing such changes in the context of reviewing the bis draft changes. I hope you can understand why.
As regards your Security comment, I am not sure I understand what you are suggesting. As IGP info is flooded hop-by-hop, man-in-the-middle attacks have to be able to insert themselves on an IGP enabled link. Use of cryptographic authentication prevents untrusted sources from being accepted - which is the point being made.
I'm just making sure I understand this last point.
The text Yoshi flagged,
"The use of Link State PDU cryptographic authentication allows mitigation
the risk of man-in-
the-middle attack."
is saying "smart people would use Link State PDU cryptographic authentication unless they have a reason to be OK with man-in-the-middle attacks", but there's no normative requirement to use this mitigation technique.
I think that's what Yoshi was asking about.
Is that the intent?
Thanks,
Spencer
p.s. Is there a missing word after "mitigation"?
