Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)

Job Snijders <job@ntt.net> Thu, 14 December 2017 19:38 UTC

Date: Thu, 14 Dec 2017 19:38:19 +0000
From: Job Snijders <job@ntt.net>
To: bruno.decraene@orange.com
Cc: "Smith, Donald" <Donald.Smith@CenturyLink.com>, "grow-chairs@ietf.org" <grow-chairs@ietf.org>, Ben Campbell <ben@nostrum.com>, "draft-ietf-grow-bgp-gshut@ietf.org" <draft-ietf-grow-bgp-gshut@ietf.org>, "grow@ietf.org" <grow@ietf.org>, The IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/7UPzm7a6GYW-nsw2fDfC65sePQU>

On Thu, Dec 14, 2017 at 06:03:42PM +0000, bruno.decraene@orange.com wrote:
> > From: Smith, Donald [mailto:Donald.Smith@CenturyLink.com]
> > Sent: Thursday, December 14, 2017 6:13 PM
> > 
> > I don't see anything around MD5/TCPAO authentication.
> 
> This is correct, but this is really not specific to this document and
> the comment would apply to any information sent over BGP session, and
> probably to most of IDR document extending the protocol with
> additional field or usage.  If there is a need to discuss this all
> IETF document related to BGP, we can indeed add some text. Would the
> following text be ok with you?
> 
> "This document does not change any underlying security issues
> associated with any other BGP Communities mechanism.  Unless a
> transport that provides integrity is used for the BGP session, the
> GRACEFUL_SHUTDOWN community may be added or removed by a man in the
> middle. However, the harm would be lower than adding or removing an
> NLRI, or adding a NO_EXPORT or NO_ADVERTISE community. Hence this does
> not constitute a new attack vector. Protection of the TCP session used
> by BGP is discussed in section 5.1 of RFC 7454, security section of
> [RFC4271] and [RFC4272]."

I think the above is mostly good, but can be trimmed a little bit. The
following is on point and covers aspects relevant to GRACEFUL_SHUTDOWN.

    "This document does not change any underlying security issues
    associated with any other BGP Communities mechanism. Unless a
    transport that provides integrity is used for the BGP session, the
    GRACEFUL_SHUTDOWN community may be added or removed by a man in the
    middle."

Kind regards,

Job