Re: [CCAMP] Stephen Farrell's No Objection on draft-ietf-ccamp-wson-signal-compatibility-ospf-15: (with COMMENT)
Leeyoung <leeyoung@huawei.com> Wed, 05 August 2015 14:26 UTC
Return-Path: <leeyoung@huawei.com>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 275681ACD60; Wed, 5 Aug 2015 07:26:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.21
X-Spam-Level:
X-Spam-Status: No, score=-3.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLwcho9f_rcy; Wed, 5 Aug 2015 07:26:08 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25D4A1A92AF; Wed, 5 Aug 2015 07:26:07 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml402-hub.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BVW93703; Wed, 05 Aug 2015 14:26:04 +0000 (GMT)
Received: from DFWEML703-CHM.china.huawei.com (10.193.5.130) by lhreml402-hub.china.huawei.com (10.201.5.241) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 5 Aug 2015 15:26:02 +0100
Received: from DFWEML706-CHM.china.huawei.com ([10.193.5.225]) by dfweml703-chm ([10.193.5.130]) with mapi id 14.03.0235.001; Wed, 5 Aug 2015 07:25:50 -0700
From: Leeyoung <leeyoung@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's No Objection on draft-ietf-ccamp-wson-signal-compatibility-ospf-15: (with COMMENT)
Thread-Index: AQHQz3S9N0dWsx7SBkOBc4Ow4Y1w2539dLww
Date: Wed, 05 Aug 2015 14:25:49 +0000
Message-ID: <7AEB3D6833318045B4AE71C2C87E8E1729CFBE39@dfweml706-chm>
References: <20150805114849.13625.22352.idtracker@ietfa.amsl.com>
In-Reply-To: <20150805114849.13625.22352.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.117]
Content-Type: multipart/mixed; boundary="_002_7AEB3D6833318045B4AE71C2C87E8E1729CFBE39dfweml706chm_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <http://mailarchive.ietf.org/arch/msg/ccamp/hPMZQOKGP5t5buHkU_2EGCFd89Q>
Cc: "draft-ietf-ccamp-wson-signal-compatibility-ospf@ietf.org" <draft-ietf-ccamp-wson-signal-compatibility-ospf@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, "ccamp-chairs@ietf.org" <ccamp-chairs@ietf.org>
Subject: Re: [CCAMP] Stephen Farrell's No Objection on draft-ietf-ccamp-wson-signal-compatibility-ospf-15: (with COMMENT)
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 14:26:11 -0000
Hi Stephen, Thanks for your comment. I replied to a similar question from Ben Campbell on security. Please see in the attachment if you have not had chance to read this email thread. The rationale for the sufficiency with [RFC4203] and [RFC3630] was suggested by the following text (which we can add if you like): As with [RFC4203], it specifies the contents of Opaque LSAs in OSPFv2. As Opaque LSAs are not used for Shortest Path First (SPF) computation or normal routing, the extensions specified here have no direct effect on IP routing. Tampering with GMPLS TE LSAs may have an effect on the underlying Transport. [RFC3630] notes that the security mechanisms described in [RFC2328] apply to Opaque LSAs carried in OSPFv2. What do you think? Would this answer your question? Thanks. Young -----Original Message----- From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] Sent: Wednesday, August 05, 2015 6:49 AM To: The IESG Cc: ccamp-chairs@ietf.org; draft-ietf-ccamp-wson-signal-compatibility-ospf@ietf.org; ccamp@ietf.org Subject: Stephen Farrell's No Objection on draft-ietf-ccamp-wson-signal-compatibility-ospf-15: (with COMMENT) Stephen Farrell has entered the following ballot position for draft-ietf-ccamp-wson-signal-compatibility-ospf-15: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ccamp-wson-signal-compatibility-ospf/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I have two (non-blocking) questions... I always get worried when the security considerations says "nothing to see here, move on, but if you must, do feel free to look at <other-rfcs>." That is sometimes a signal that nobody bothered to think about security, but only thought about how to try keep the security ADs quiet:-) Can you re-assure me that in this case, you did think about security? Is there any interesting new way in which abuse of these TLVs (either via direct insertion or else by causing them to be sort-of controlled by sending other traffic) can be used to control how traffic flows in a network so that the attacker can better control or predict through which nodes (or at which wavelengths) some traffic of interest (to the attacker) will flow? I'd say that the answer is probably not, but did you consider it?
--- Begin Message ---Hi Ben, Thanks for providing your good comments and idnits check. Please see inline for my response. Best regards, Young -----Original Message----- From: Ben Campbell [mailto:ben@nostrum.com] Sent: Monday, August 03, 2015 5:44 PM To: The IESG Cc: ccamp-chairs@ietf.org; draft-ietf-ccamp-wson-signal-compatibility-ospf@ietf.org; ccamp@ietf.org Subject: Ben Campbell's No Objection on draft-ietf-ccamp-wson-signal-compatibility-ospf-15: (with COMMENT) Ben Campbell has entered the following ballot position for draft-ietf-ccamp-wson-signal-compatibility-ospf-15: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ccamp-wson-signal-compatibility-ospf/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 5 (security considerations) says: "This document does not introduce any further security issues other than those discussed in [RFC3630], [RFC4203]." While I don’t doubt the statement is true, it would be helpful to show the thought behind it. In this case, the draft adds new data elements to the OSPF TE LSA. Please consider adding a very short discussion on how the security implications of those elements is similar to or different from the previously existing data elements. YOUNG>> As with [RFC4203], it specifies the contents of Opaque LSAs in OSPFv2. As Opaque LSAs are not used for Shortest Path First (SPF) computation or normal routing, the extensions specified here have no direct effect on IP routing. Tampering with GMPLS TE LSAs may have an effect on the underlying Transport. [RFC3630] notes that the security mechanisms described in [RFC2328] apply to Opaque LSAs carried in OSPFv2. If you like, I can add these text in Section 5. Please let me know. Nits: Please expand TE and LSA on first mention. YOUNG>> Yes, TE (Traffic Engineering) and LSA (Link State Advertisement) will be expanded on first mention. idnits thinks the reference to [G.694.1] is not cited in the body. Is the reference needed? YOUNG>> The reference will be removed.--- End Message ---
- [CCAMP] Stephen Farrell's No Objection on draft-i… Stephen Farrell
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Leeyoung
- Re: [CCAMP] Stephen Farrell's No Objection on dra… Stephen Farrell