Re: [GROW] I-D Action: draft-ietf-grow-bgpopsecupd-01.txt

Martin Pels <mpels@ripe.net> Wed, 28 February 2024 14:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/3_JudbtbpbeV8qt0DhHqRxzuq20>

Hi,

On 26/01/2024 11:56, Tobias Fiebig wrote:
> Moin,
> after just importing the adopted draft last week, I now added all
> feedback I received since 117 to the document and submitted -01.

Thanks for incorporating my suggestions.

> [..]
>
> - Added extended communities to scrubbing, added in/out scrubbing

I'm curious where the recommendation to scrub all inbound and outbound 
extended BGP communities comes from. This advice seems overly strict to me.

> [..]
>
> - Added section on behavior at IXPs, incl. not using LOCAL_PREF and
>   honoring GSHUT

As you wrote, not setting a higher LOCAL_PREF for routes received over 
IXPs goes against common business practice. Also, it is not really 
security-related advice. I don't think it belongs in this document.

Kind regards,
Martin