Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)

<bruno.decraene@orange.com> Fri, 15 December 2017 09:29 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F94F127B60; Fri, 15 Dec 2017 01:29:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CSitWimxHe8U; Fri, 15 Dec 2017 01:29:26 -0800 (PST)
Received: from orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48091127599; Fri, 15 Dec 2017 01:29:26 -0800 (PST)
Received: from opfednr07.francetelecom.fr (unknown [xx.xx.xx.71]) by opfednr20.francetelecom.fr (ESMTP service) with ESMTP id D6CBE408EE; Fri, 15 Dec 2017 10:29:24 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.17]) by opfednr07.francetelecom.fr (ESMTP service) with ESMTP id 9F5CD1C0067; Fri, 15 Dec 2017 10:29:24 +0100 (CET)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM24.corporate.adroot.infra.ftgroup ([fe80::a1e6:3e6a:1f68:5f7e%18]) with mapi id 14.03.0361.001; Fri, 15 Dec 2017 10:29:24 +0100
From: bruno.decraene@orange.com
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>, Job Snijders <job@ntt.net>
CC: "grow-chairs@ietf.org" <grow-chairs@ietf.org>, Ben Campbell <ben@nostrum.com>, "draft-ietf-grow-bgp-gshut@ietf.org" <draft-ietf-grow-bgp-gshut@ietf.org>, "grow@ietf.org" <grow@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)
Thread-Index: AQHTdJP90cSHHsziR0WKcqR14+JgtqNC5XiwgABXlIqAAAS3gIAA4J+A
Date: Fri, 15 Dec 2017 09:29:23 +0000
Message-ID: <25199_1513330164_5A3395F4_25199_77_1_53C29892C857584299CBF5D05346208A4792253E@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <151322570465.6210.17202569330170241275.idtracker@ietfa.amsl.com> <15461_1513262548_5A328DD4_15461_64_1_53C29892C857584299CBF5D05346208A47920D36@OPEXCLILM21.corporate.adroot.infra.ftgroup> <68EFACB32CF4464298EA2779B058889D53D3936E@PDDCWMBXEX503.ctl.intranet> <5142_1513274623_5A32BCFF_5142_246_1_53C29892C857584299CBF5D05346208A4792151C@OPEXCLILM21.corporate.adroot.infra.ftgroup>, <20171214193819.GS95845@vurt.meerval.net> <68EFACB32CF4464298EA2779B058889D53D3961F@PDDCWMBXEX503.ctl.intranet>
In-Reply-To: <68EFACB32CF4464298EA2779B058889D53D3961F@PDDCWMBXEX503.ctl.intranet>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/fw2_WVSsEy1KAUgszhxfc5rHrTU>
Subject: Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Dec 2017 09:29:29 -0000


> From: Smith, Donald [mailto:Donald.Smith@CenturyLink.com]
> 
 > 
 > if (initial_ttl!=255) then (rfc5082_compliant==0)
 > Donald.Smith@centurylink.com
 > 
 > >       ________________________________________
 > >       From: Job Snijders [job@ntt.net]
 > >       Sent: Thursday, December 14, 2017 12:38 PM
 > >       To: bruno.decraene@orange.com
 > >       Cc: Smith, Donald; grow-chairs@ietf.org; Ben Campbell; draft-ietf-grow-bgp-gshut@ietf.org;
 > grow@ietf.org; The IESG
 > >       Subject: Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with
 > COMMENT)
 > >
 > >       On Thu, Dec 14, 2017 at 06:03:42PM +0000, bruno.decraene@orange.com wrote:
 > >       > > From: Smith, Donald [mailto:Donald.Smith@CenturyLink.com]
 > >       >  > Sent: Thursday, December 14, 2017 6:13 PM
 > >       > >
 > >       >  > I don't see anything around MD5/TCPAO authentication.
 > >       >
 > >       > This is correct, but this is really not specific to this document and
 > >       > the comment would apply to any information sent over BGP session, and
 > >       > probably to most of IDR document extending the protocol with
 > >       > additional field or usage.  If there is a need to discuss this all
 > >       > IETF document related to BGP, we can indeed add some text. Would the
 > >       > following text be ok with you?
 > >       >
 > >       > "This document does not change any underlying security issues
 > >       > associated with any other BGP Communities mechanism.  Unless a
 > >       > transport that provides integrity is used for the BGP session, the
 > >       > GRACEFUL_SHUTDOWN community may be added or removed by a man in the
 > >       > middle. However, the harm would be lower than adding or removing an
 > >       > NLRI, or adding a NO_EXPORT or NO_ADVERTISE community. Hence this does
 > >       > not constitute a new attack vector. Protection of the TCP session used
 > >       > by BGP is discussed in section 5.1 of RFC 7454,  security section of
 > >       > [RFC4271] and [RFC4272]."
 > >
 > >       I think the above is mostly good, but can be trimmed a little bit. The
 > >       following is on point and covers aspects relevant to GRACEFUL_SHUTDOWN.
 > >
 > >           "This document does not change any underlying security issues
 > >           associated with any other BGP Communities mechanism. Unless a
 > >           transport that provides integrity is used for the BGP session, the
 > >           GRACEFUL_SHUTDOWN community may be added or removed by a man in the
 > >           middle."

OK.
Personally, I feel that the precision that this does not constitute a new attack vector was useful, but I can live without; at least while waiting for the security review. 

 > >       Kind regards,
 > >
 > >       Job
 > 
 > Since in theory you could do this blindly (tcp slipping in the window), I would remove the MITM
 > and say by "unauthorized 3rd parties" or something like that.

Ok.
 
 > Otherwise this is better than putting all the other security recommendations from other rfcs [4271,
 > 4272] so I support referencing them instead.
 
Sorry, I'm not sure to follow. Are you fine with the text proposed by Job or would you prefer adding references to the RFCs (i.e.  section 5.1 of RFC 7454,  security section of [RFC4271] and [RFC4272].)

As draft -12 has just been IETF Last Called (again), in order to not create a mess, I'll wait for the end of the last call before uploading a -13.

Thanks
--Bruno
 
 > 
 > This communication is the property of CenturyLink and may contain confidential or privileged
 > information. Unauthorized use of this communication is strictly prohibited and may be unlawful.
 > If you have received this communication in error, please immediately notify the sender by reply e-
 > mail and destroy all copies of the communication and any attachments.
 > 


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.