Re: [GROW] Alvaro Retana's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
Camilo Cardona <juancamilo.cardona@imdea.org> Tue, 15 September 2015 12:41 UTC
Return-Path: <juancamilo.cardona@imdea.org>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E73B1B2B8A; Tue, 15 Sep 2015 05:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6reGtO08bqk; Tue, 15 Sep 2015 05:41:08 -0700 (PDT)
Received: from estafeta21.imdea.org (maquina46.madrimasd.org [193.145.15.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECF5F1ACDCF; Tue, 15 Sep 2015 05:41:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by estafeta21.imdea.org (imdea mail daemon) with ESMTP id B65FE1B946A; Tue, 15 Sep 2015 14:37:32 +0200 (CEST)
X-Virus-Scanned: by antispam-antivirus system at imdea.org
Received: from estafeta21.imdea.org ([127.0.0.1]) by localhost (estafeta21.imdea.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a1rwhmysBSWy; Tue, 15 Sep 2015 14:37:32 +0200 (CEST)
Received: from [172.16.4.198] (unknown [193.145.14.94]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: juancamilo.cardona) by estafeta21.imdea.org (imdea mail daemon) with ESMTPSA id 1A24E1B9469; Tue, 15 Sep 2015 14:37:32 +0200 (CEST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Camilo Cardona <juancamilo.cardona@imdea.org>
In-Reply-To: <D21D8361.D02AE%aretana@cisco.com>
Date: Tue, 15 Sep 2015 14:41:05 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <45222C63-19C8-4478-89E6-9A49C9CEC529@imdea.org>
References: <20150818200348.20146.83912.idtracker@ietfa.amsl.com> <FF194D71-98B3-4F7F-A271-C177617CA4DC@imdea.org> <D21D8361.D02AE%aretana@cisco.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/B4cTSxezYf0Z9nsAcj94gDhQLhU>
Cc: "grow-chairs@ietf.org" <grow-chairs@ietf.org>, "grow@ietf.org grow@ietf.org" <grow@ietf.org>, "draft-ietf-grow-filtering-threats.ad@ietf.org" <draft-ietf-grow-filtering-threats.ad@ietf.org>, "draft-ietf-grow-filtering-threats@ietf.org" <draft-ietf-grow-filtering-threats@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-grow-filtering-threats.shepherd@ietf.org" <draft-ietf-grow-filtering-threats.shepherd@ietf.org>
Subject: Re: [GROW] Alvaro Retana's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2015 12:41:10 -0000
Hi Alvaro, It becomes a security problem when an AS uses any of the techniques to willingly affect another one. However, as Joel mentioned, we removed any type of reference to security, as operators use these almost never for this purpose. At one point, we even removed the security considerations, but we were advised to add it again as a warning to cover that cornercase. I understand your point. As this is becoming a loop, I will take the advise of the chairs and the AD of what to do.. Camilo > On 15 Sep 2015, at 14:24, Alvaro Retana (aretana) <aretana@cisco.com> wrote: > > On 9/15/15, 7:48 AM, "Camilo Cardona" <juancamilo.cardona@imdea.org> wrote: > > Camilo: > > Hi! > >>> ---------------------------------------------------------------------- >>> COMMENT: >>> ---------------------------------------------------------------------- >>> I have a non-blocking comment related to the characterization of the >>> unexpected traffic flows (and a nit). >>> Section 6. (Security Considerations) Throughout the document the >>> unexpected traffic flows were characterized as potential policy >>> violations, not as routing security issues as is done here. I know that >>> the text has gone around the point of malicious intent (or not) before, >>> but I think that if you¹re going to mention that it could be a "potential >>> routing security issue², then you should say something more about it >>> (even if it is the result of non-malicious intent) ‹ or just leave it at >>> policy violations. >> >> <JCC> The security section indeed mentions that the objective of the >> document is security, however, we stopped focusing on that aspect at an >> earlier version. We¹ll correct that part to something along the next >> lines: >> >> OLD: The objective of this document is to inform on this potential >> routing security issue, and analyze ways for operators to defend against >> them. >> NEW: The document informed on the potential routing security issue, and >> analyzed ways for operators to defend against them. > > That does not solve the point I was trying to make. > > The point is this: this (the sentence above) is the only place in the > draft where an unexpected traffic flow is characterized as a ³potential > routing security issue². If you¹re going to characterize it that way, > then I think you should explain more: why is is a security issue, what is > the effect, what can be done to avoid it, etc. > > You mention that the security focus is no more; that¹s in line with what > Joel wrote (in the thread related to Kathleen¹s comments: > > On 9/1/15, 12:11 PM, "iesg on behalf of joel jaeggli" > <iesg-bounces@ietf.org on behalf of joelja@bogus.com> wrote: > >> We worked pretty hard to keep both the attack terminology out of the >> document and to keep the focus on the non-malicious action of ordinary >> actors. I think it's better that we don't lump that in with malicious >> action of varying varieties. > > I fully agree! You can make the decision, but if it was me, I would just > take the sentence out. > > Thanks! > > Alvaro. >
- [GROW] Alvaro Retana's No Objection on draft-ietf… Alvaro Retana
- Re: [GROW] Alvaro Retana's No Objection on draft-… Camilo Cardona
- Re: [GROW] Alvaro Retana's No Objection on draft-… Alvaro Retana (aretana)
- Re: [GROW] Alvaro Retana's No Objection on draft-… Camilo Cardona