Re: [conex] Stephen Farrell's No Objection on draft-ietf-conex-destopt-09: (with COMMENT)

Suresh Krishnan <suresh.krishnan@ericsson.com> Fri, 02 October 2015 04:14 UTC

From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Date: Fri, 2 Oct 2015 04:14:26 +0000
Message-ID: <E87B771635882B4BA20096B589152EF63A979A41@eusaamb107.ericsson.se>
References: <20151001000655.11590.32411.idtracker@ietfa.amsl.com> <E87B771635882B4BA20096B589152EF63A97724C@eusaamb107.ericsson.se> <560CEF4E.5080409@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/conex/ps8GbsKU2yoJzPMywAzaqN1A6QM>
Cc: "draft-ietf-conex-destopt@ietf.org" <draft-ietf-conex-destopt@ietf.org>, "draft-ietf-conex-destopt.ad@ietf.org" <draft-ietf-conex-destopt.ad@ietf.org>, "conex-chairs@ietf.org" <conex-chairs@ietf.org>, "conex@ietf.org" <conex@ietf.org>
Subject: Re: [conex] Stephen Farrell's No Objection on draft-ietf-conex-destopt-09: (with COMMENT)
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>

Hi Stephen,

On 10/01/2015 04:31 AM, Stephen Farrell wrote:
>
> Hiya,
>
> On 01/10/15 04:52, Suresh Krishnan wrote:
>> Hi Stephen,
>>     Thanks for your comments. Please find responses inline
>>
>> On 09/30/2015 08:06 PM, Stephen Farrell wrote:
>>> Stephen Farrell has entered the following ballot position for
>>> draft-ietf-conex-destopt-09: No Objection
>>>
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>>
>>>
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>>
>>>
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-conex-destopt/
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>>
>>>
>>> - section 7: "If the transport network cannot be trusted, IPsec
>>> Authentication should be used to ensure integrity of the ConEx
>>> information." Hmm. Transport networks cannot be trusted so the
>>> first condition is always met. That means you are saying IPsec
>>> should be used. I don't see how the key management required is
>>> going to happen and even if it did, would that affect conex
>>> calculations? I'm ok with an experiment on that basis though,
>>> but it'd be better if the real relationship between this and IPsec
>>> were more fully fleshed out somewhere as part of the experiment.
>>
>> I am not sure if the form of key management chosen would affect the
>> conex calculations at all.
>
> My point is that the key management implied here is basically not
> going to happen. That means IPsec will not be used and hence conex
> calculations will need to take into account the potential for routers
> to mess with the CDO.
>
> And I think the text of this would be better if it recognised the
> improbability of IPsec being used in the wild, or else spoke to how
> one could arrange experiments so that use of IPsec is more likely.

Thanks. I think it may unfortunately end up being the former. Once the 
audit text is finalized, I will come back with alternate text for this. 
I will keep track of this issue along with Kathleen's DISCUSS as they 
will probably end up needing the same resolution.

Regards
Suresh