Re: [DMM] Stephen Farrell's Discuss on draft-ietf-dmm-hnprenum-06: (with DISCUSS and COMMENT)

"Sri Gundavelli (sgundave)" <sgundave@cisco.com> Thu, 02 March 2017 16:44 UTC

From: "Sri Gundavelli (sgundave)" <sgundave@cisco.com>
To: Suresh Krishnan <suresh.krishnan@ericsson.com>, "Stephen Farrell (stephen.farrell@cs.tcd.ie)" <stephen.farrell@cs.tcd.ie>
Date: Thu, 02 Mar 2017 16:43:47 +0000
Message-ID: <D4DD871A.25F4B8%sgundave@cisco.com>
References: <148827524557.30763.8868773089488417428.idtracker@ietfa.amsl.com> <D3B52B6E-2196-45C2-BF4C-5A6E004421FB@ericsson.com>
In-Reply-To: <D3B52B6E-2196-45C2-BF4C-5A6E004421FB@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmm/M5BPFOQM672XaCRGeexaHWx6uig>
Cc: "draft-ietf-dmm-hnprenum@ietf.org" <draft-ietf-dmm-hnprenum@ietf.org>, "dmm-chairs@ietf.org" <dmm-chairs@ietf.org>, The IESG <iesg@ietf.org>, "dmm@ietf.org" <dmm@ietf.org>, "max.ldp@alibaba-inc.com" <max.ldp@alibaba-inc.com>
Subject: Re: [DMM] Stephen Farrell's Discuss on draft-ietf-dmm-hnprenum-06: (with DISCUSS and COMMENT)

The trigger for Prefix Renumbering is through the use of the RFC7077 UPN/UPA
message with the Notification Reason code of 2 (defined in RFC7077).
Technically, the spec is not defining any new messages, or mobility
options; it's just using what is defined in RFC7077 and with a new behavior
on the protocol peer. This automatically enforces RFC5213/RFC7077 security
considerations and I do not see a way around. But, for highlighting those
rules, either duplicating the text from 5213/7077, or pointing to those
sections is fine.


Sri




On 3/2/17, 7:02 AM, "Suresh Krishnan" <suresh.krishnan@ericsson.com> wrote:

>Hi Stephen,
>
>> On Feb 28, 2017, at 4:47 AM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-dmm-hnprenum-06: Discuss
>> 
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>> 
>> 
>> Please refer to
>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-dmm-hnprenum/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> 
>> 
>> I think this should be an easy one to resolve:
>> 
>> Section 7 says: "The protection of UPN and UPA
>> messages in this document follows [RFC5213] and
>> [RFC7077]." I'm not clear if "follows" means the same
>> as "MUST be protected using end-to-end security
>> association(s) offering integrity and data origin
>> authentication" (RFC5213, section 4). I think it ought
>> really, as otherwise this could subvert the security
>> of PMIPv6. So wouldn't it make sense to be explicit
>> that these new messages have the same MUST
>> requirements as binding updates. Doing that by
>> repeating the quoted text from 5213 would be a fine
>> way to do that, but there may be better options.
>
>I had already read the text as requiring the same requirements as PBUs. I
>do not have any objections to adding further clarity. Authors, any
>opinions?
>
>Thanks
>Suresh
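
The point of the DISCUSS above is that "follows [RFC5213]" has to mean the same MUST that applies to PBU/PBA: a UPN carrying Notification Reason 2 (UPDATE-SESSION-PARAMETERS) with a new Home Network Prefix is only acted on if it arrived over a security association providing integrity and data origin authentication, and otherwise is dropped. The sketch below is an added illustration of that receiver-side rule, not code from the draft, from RFC 7077, or from any PMIPv6 implementation. It assumes the RFC 6275 Mobility Header fixed part (Payload Proto, Header Len, MH Type, Reserved, Checksum), a simplified UPN layout of Sequence Number, Reserved, Notification Reason and a flags/reserved word followed by mobility options, MH Type values 5/6/16/17 and reason value 2 as registered by RFC 6275/7077, and the RFC 5213 Home Network Prefix option (type 22). The Datagram flags stand in for whatever the IPsec layer reports about the SA; checksums are left zero and the sample message is constructed inline.

```python
"""Receiver-side protection check for a PMIPv6 UPN that renumbers the HNP.

Added example (assumed, simplified wire layout; see lead-in). The security
property enforced is the RFC 5213 section 4 one: mobility signalling MUST
arrive over an SA offering integrity and data origin authentication.
"""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MH_TYPE_BU, MH_TYPE_BA = 5, 6          # PBU/PBA are BU/BA with the P flag set (RFC 5213)
MH_TYPE_UPN, MH_TYPE_UPA = 16, 17      # RFC 7077 Update Notification / Acknowledgement
REASON_UPDATE_SESSION_PARAMETERS = 2   # RFC 7077 Notification Reason the draft reuses
OPT_PAD1, OPT_PADN = 0, 1
OPT_HOME_NETWORK_PREFIX = 22           # RFC 5213 Home Network Prefix option
IPPROTO_NONE = 59                      # Payload Proto: IPv6-NoNxt

# Signalling that inherits the RFC 5213 MUST; the draft adds UPN/UPA by reference.
PROTECTED_TYPES = {MH_TYPE_BU, MH_TYPE_BA, MH_TYPE_UPN, MH_TYPE_UPA}


@dataclass
class Datagram:
    """A received mobility message plus what the IPsec layer tells us about its SA."""
    payload: bytes
    integrity_protected: bool = False   # SA used an integrity algorithm (e.g. ESP with auth)
    origin_authenticated: bool = False  # SA is bound to the expected peer (the serving LMA)


@dataclass
class UPN:
    seq: int
    reason: int
    options: List[Tuple[int, bytes]] = field(default_factory=list)


def build_upn(seq: int, reason: int, hnp: Optional[str] = None) -> bytes:
    """Encode a UPN (assumed layout) with an optional HNP option; pads to 8 octets."""
    body = struct.pack("!HBBH", seq, 0, reason, 0)
    if hnp is not None:
        net = ipaddress.IPv6Network(hnp)
        body += struct.pack("!BBBB", OPT_HOME_NETWORK_PREFIX, 18, 0, net.prefixlen)
        body += net.network_address.packed
    pad = (-(6 + len(body))) % 8
    if pad == 1:
        body += bytes([OPT_PAD1])
    elif pad > 1:
        body += struct.pack("!BB", OPT_PADN, pad - 2) + b"\x00" * (pad - 2)
    hdr_len = (6 + len(body)) // 8 - 1          # RFC 6275: 8-octet units, excluding the first
    return struct.pack("!BBBBH", IPPROTO_NONE, hdr_len, MH_TYPE_UPN, 0, 0) + body


def parse_mobility_header(buf: bytes) -> Tuple[int, bytes]:
    """Return (MH Type, message data) after bounds-checking Header Len."""
    if len(buf) < 6:
        raise ValueError("short mobility header")
    _proto, hdr_len, mh_type, _rsv, _csum = struct.unpack("!BBBBH", buf[:6])
    total = (hdr_len + 1) * 8
    if len(buf) < total:
        raise ValueError("truncated mobility header")
    return mh_type, buf[6:total]


def parse_options(data: bytes) -> List[Tuple[int, bytes]]:
    """TLV walk that tolerates Pad1/PadN and rejects options running past the buffer."""
    opts, i = [], 0
    while i < len(data):
        t = data[i]
        if t == OPT_PAD1:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        ln = data[i + 1]
        val = data[i + 2:i + 2 + ln]
        if len(val) != ln:
            raise ValueError("truncated option value")
        if t != OPT_PADN:
            opts.append((t, val))
        i += 2 + ln
    return opts


def parse_upn(data: bytes) -> UPN:
    if len(data) < 6:
        raise ValueError("short UPN")
    seq, _rsv, reason, _flags = struct.unpack("!HBBH", data[:6])
    return UPN(seq, reason, parse_options(data[6:]))


def hnp_from_options(options: List[Tuple[int, bytes]]) -> Optional[str]:
    for t, val in options:
        if t == OPT_HOME_NETWORK_PREFIX and len(val) == 18:
            addr = ipaddress.IPv6Address(val[2:18])
            return str(ipaddress.IPv6Network((addr, val[1]), strict=False))
    return None


def handle_datagram(dgram: Datagram) -> dict:
    """Decide what a MAG does with a received mobility message."""
    mh_type, data = parse_mobility_header(dgram.payload)
    if mh_type in PROTECTED_TYPES and not (dgram.integrity_protected and dgram.origin_authenticated):
        # Same rule as for PBU/PBA: never act on unprotected signalling; a forged UPN
        # with reason 2 would otherwise renumber the mobile node's home prefix.
        return {"action": "drop", "why": "unprotected mobility signalling", "mh_type": mh_type}
    if mh_type != MH_TYPE_UPN:
        return {"action": "ignore", "mh_type": mh_type}
    upn = parse_upn(data)
    if upn.reason != REASON_UPDATE_SESSION_PARAMETERS:
        return {"action": "other-upn", "reason": upn.reason, "seq": upn.seq}
    new_hnp = hnp_from_options(upn.options)
    if new_hnp is None:
        return {"action": "drop", "why": "renumbering UPN without HNP option", "seq": upn.seq}
    return {"action": "renumber", "seq": upn.seq, "new_hnp": new_hnp}


if __name__ == "__main__":
    msg = build_upn(7, REASON_UPDATE_SESSION_PARAMETERS, "2001:db8:1::/64")  # constructed sample
    print(handle_datagram(Datagram(msg, True, True)))   # renumber to 2001:db8:1::/64
    print(handle_datagram(Datagram(msg)))               # dropped: no protecting SA
```

The two flags are deliberately separate: integrity without a peer binding (or the reverse) still fails the check, which is the "integrity and data origin authentication" wording of RFC 5213 section 4. The same gate applies to the UPA the MAG sends back, so a renumbering cannot be acknowledged over an unprotected path either.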