Re: [GROW] Eric Rescorla's No Objection on draft-ietf-grow-bgp-reject-08: (with COMMENT)
Eric Rescorla <ekr@rtfm.com> Thu, 08 June 2017 02:36 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81D7312957C for <grow@ietfa.amsl.com>; Wed, 7 Jun 2017 19:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HnYJgbDphXgk for <grow@ietfa.amsl.com>; Wed, 7 Jun 2017 19:36:34 -0700 (PDT)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEF9812960D for <grow@ietf.org>; Wed, 7 Jun 2017 19:36:23 -0700 (PDT)
Received: by mail-yb0-x22c.google.com with SMTP id 202so6816490ybd.0 for <grow@ietf.org>; Wed, 07 Jun 2017 19:36:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=j9lArGCLx1F1bqJ3ZuE2uSV30nUDPbIDld8H3w02N74=; b=VicTx4bmDMF7t3W6ysjrgzm0CPdfqNxTuro2O7JiXjKLrUteZ59yL5VRBXV9tBsmRo 3StvVfZkPAfRMCRdGg/wpfgO/CUbg4kBzS+iM6H05tU6CCl6h2X47BX7u/FnEKDJAgwi xUwxeEb+LW8zEccpz5utZAmNFsfClAJfczrSiaJcILovlKgTfdY5YyxBxRqTRBXb4add Vw4Vg6f+3oCQBulzh967hDIw0BAx3cwQEBlPDH6678rzZ+hw967jZHBnI3/7BfBTZXQg YzjA3kctB8D3Up3qiDhljMfXVofeZv69sLQaU9AH48MIQ0dUMF/us3FJGQljbzAGfiW7 awcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=j9lArGCLx1F1bqJ3ZuE2uSV30nUDPbIDld8H3w02N74=; b=dsWGhLPK2qWsDLmcquEluiGw8rwhENR5zG7+41CuNQ87Qphm/Sv9Hyb+WtX7AKiRWK o3lgwR0o0Q6/zVKCbkxI37r5RODjvR2jgiV03bYvA/c0ySANg6S9MNhCnysnhqAFnH8F hYX/Sm4p9sL747TXqb+yKHBf19MMmnVXdVvMxO9o7jVi7KnnW1O5MzFBF33dyY8vXvLt EZSTWTE1wwV95GjXBo+/DeCfyFKWoAyMZaDmPzwsPAB/C8S1ZKT7l/UL3mtM6ltx0dpX BveEoBPI/oyhU78KmOmH9wEIGh0WoEGvsQGBTvNkxflKHW9gwb3Q70xfdfLi1WjvWWX1 Qh5g==
X-Gm-Message-State: AODbwcCpuRqt/F7rl19Vuf4oQOClUZfgoFes3KtN/ORKkIolnQ+ZJ3NE OW1oI6wEu75I6tCJlL3pNt+AKxphNw20Cz9FqQ==
X-Received: by 10.37.83.65 with SMTP id h62mr9030019ybb.92.1496889382919; Wed, 07 Jun 2017 19:36:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.4 with HTTP; Wed, 7 Jun 2017 19:35:42 -0700 (PDT)
In-Reply-To: <CACWOCC-_hzfVjP+J1fk0jwMLPV+JN3EFnvAuod2ntou+AwPNYw@mail.gmail.com>
References: <149677140103.3863.5658765780389706738.idtracker@ietfa.amsl.com> <20170607233451.v6qtyxoxo364vowy@dhcp-222-168.meetings.nanog.org> <CABcZeBPtY6VeoR-iwv2E7pLTc-hYWun9sVnjimCz0+aHWgwNTw@mail.gmail.com> <CACWOCC-_hzfVjP+J1fk0jwMLPV+JN3EFnvAuod2ntou+AwPNYw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 08 Jun 2017 04:35:42 +0200
Message-ID: <CABcZeBNdUQu18bi3Ww0Ve_N6KY2XAy15V+we-CwBfrPU-zoN+w@mail.gmail.com>
To: Job Snijders <job@ntt.net>
Cc: Alvaro Retana <aretana@cisco.com>, Christopher Morrow <christopher.morrow@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-grow-bgp-reject@ietf.org, grow@ietf.org, grow-chairs@ietf.org
Content-Type: multipart/alternative; boundary="001a113e6450effae2055169b7ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/eXAavT5JeE3-Wu66EkRorfdRc_8>
Subject: Re: [GROW] Eric Rescorla's No Objection on draft-ietf-grow-bgp-reject-08: (with COMMENT)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2017 02:36:35 -0000
Perhaps An implementer could leverage an approach described as "the N+1 and N+2 release strategy". In release N+1, the implementer introduces a new configuration parameter to configure "egbp insecure-mode". Upon installation of release N+1, if the value is not configured, an "insecure" value will be automatically generated and saved to the configuration, and an implementer could begin to display informational warnings to the operator that certain parts of the configuration are incomplete. Thus, In release N+1, operators of the BGP implementation become aware that a configurable value exists in the implementation, and can prepare accordingly. In release N+2 or later, the default value becomes "secure". As a result, any new installation of release N+2 will adhere to this document. Installations upgraded from version release N+1 will adhere to the previous insecure behavior, if no modification was made to the "ebgp insecure-mode" configuration parameter. Note that versions upgraded directly from N to N+2 will change their behavior from "insecure" to "secure". On Thu, Jun 8, 2017 at 4:13 AM, Job Snijders <job@ntt.net> wrote: > > On Wed, 7 Jun 2017 at 19:06, Eric Rescorla <ekr@rtfm.com> wrote: > >> On Thu, Jun 8, 2017 at 1:34 AM, Job Snijders <job@ntt.net> wrote: >> >>> Hi Eric, >>> >>> On Tue, Jun 06, 2017 at 10:50:01AM -0700, Eric Rescorla wrote: >>> > ---------------------------------------------------------------------- >>> > COMMENT: >>> > ---------------------------------------------------------------------- >>> > >>> > I am having a little trouble reading Appendix A. >>> > >>> > If I understand correctly, the idea is: >>> > >>> > - In version N, you have a behavior X >>> > - In version N+1, you introduce a setting S with default value S=X >>> > - In version N+2 you change the default to S=!X >>> > >>> > However, the text says that "installations upgraded from release N+1 >>> > will adhere to the previous insecure behavior" >>> > >>> > Do you need to say that in N+1, you save the value S=X so that in N+1, >>> > it continues to apply? >>> >>> If in N+1 you save S=X, then in N+2, if S is defined as X, behaviour X >>> will apply. >> >> >> Well, yes. >> >> >> >>> If S is not defined, or defined otherwise (like with a fresh >>> install, not an upgrade), you will have !X behaviour. >>> >> >> Yes. >> >> My question is whether in the N+1/N+2 paradigm you are proposing that in >> N+1 you save S=X. >> > > > Yes. > > Do you have a proposed sentence that should be added if this isn't clear? > > Kind regards, > > Job >
- [GROW] Eric Rescorla's No Objection on draft-ietf… Eric Rescorla
- Re: [GROW] Eric Rescorla's No Objection on draft-… Job Snijders
- Re: [GROW] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [GROW] Eric Rescorla's No Objection on draft-… Job Snijders
- Re: [GROW] Eric Rescorla's No Objection on draft-… Eric Rescorla