Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)

<bruno.decraene@orange.com> Thu, 14 December 2017 18:03 UTC

From: bruno.decraene@orange.com
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>
CC: "grow-chairs@ietf.org" <grow-chairs@ietf.org>, "draft-ietf-grow-bgp-gshut@ietf.org" <draft-ietf-grow-bgp-gshut@ietf.org>, "grow@ietf.org" <grow@ietf.org>, The IESG <iesg@ietf.org>, Ben Campbell <ben@nostrum.com>
Thread-Topic: Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)
Thread-Index: AQHTdJP90cSHHsziR0WKcqR14+JgtqNC5XiwgAAeKACAABWC4A==
Date: Thu, 14 Dec 2017 18:03:42 +0000
Message-ID: <5142_1513274623_5A32BCFF_5142_246_1_53C29892C857584299CBF5D05346208A4792151C@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <151322570465.6210.17202569330170241275.idtracker@ietfa.amsl.com>, <15461_1513262548_5A328DD4_15461_64_1_53C29892C857584299CBF5D05346208A47920D36@OPEXCLILM21.corporate.adroot.infra.ftgroup> <68EFACB32CF4464298EA2779B058889D53D3936E@PDDCWMBXEX503.ctl.intranet>
In-Reply-To: <68EFACB32CF4464298EA2779B058889D53D3936E@PDDCWMBXEX503.ctl.intranet>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/jTbRCf33H5y4HYh8FfvTJy_S2dg>

> From: Smith, Donald [mailto:Donald.Smith@CenturyLink.com]
> Sent: Thursday, December 14, 2017 6:13 PM
>
> I don't see anything around MD5/TCPAO authentication.

This is correct, but this is really not specific to this document: the comment would apply to any information sent over a BGP session, and probably to most IDR documents extending the protocol with additional fields or usage.
If there is a need to discuss this in all IETF documents related to BGP, we can indeed add some text. Would the following text be OK with you?

"This document does not change any underlying security issues associated with any other BGP Communities mechanism. Unless a transport that provides integrity is used for the BGP session, the GRACEFUL_SHUTDOWN community may be added or removed by a man in the middle. However, the harm would be lower than adding or removing an NLRI, or adding a NO_EXPORT or NO_ADVERTISE community. Hence this does not constitute a new attack vector. Protection of the TCP session used by BGP is discussed in section 5.1 of RFC 7454, the security section of [RFC4271], and [RFC4272]."

Regards,
--Bruno
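
The proposed text distinguishes a community that only lowers preference (GRACEFUL_SHUTDOWN) from ones that suppress propagation (NO_EXPORT, NO_ADVERTISE). The following Python is an added illustration, not code from the draft or this thread: it decodes the path attributes of a received UPDATE and reports which of those communities are present, so an operator can see exactly what an unprotected session could have altered. It assumes the GRACEFUL_SHUTDOWN value 65535:0 (0xFFFF0000) assigned when the draft was published, and the sample bytes are constructed.

```python
import struct

# NO_EXPORT / NO_ADVERTISE are the RFC 1997 well-known communities named in
# the proposed text; GRACEFUL_SHUTDOWN is 65535:0 (assumed from the published RFC).
GRACEFUL_SHUTDOWN = 0xFFFF0000
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02
COMMUNITIES_ATTR = 8  # path attribute type code for COMMUNITIES (RFC 1997)


def parse_path_attributes(data: bytes):
    """Walk the path-attribute TLVs of a BGP UPDATE (RFC 4271 section 4.3)."""
    attrs, i = [], 0
    while i < len(data):
        flags, code = data[i], data[i + 1]
        if flags & 0x10:  # extended-length flag: 2-byte length field
            (length,) = struct.unpack_from("!H", data, i + 2)
            i += 4
        else:
            length = data[i + 2]
            i += 3
        if i + length > len(data):
            raise ValueError("attribute length runs past end of data")
        attrs.append((code, data[i:i + length]))
        i += length
    return attrs


def communities_of(value: bytes):
    """Decode a COMMUNITIES attribute body into 32-bit community values."""
    if len(value) % 4:
        raise ValueError("COMMUNITIES length must be a multiple of 4")
    return [struct.unpack_from("!I", value, o)[0] for o in range(0, len(value), 4)]


def audit_update(path_attrs: bytes):
    """Report preference-lowering vs propagation-suppressing communities."""
    found = []
    for code, value in parse_path_attributes(path_attrs):
        if code == COMMUNITIES_ATTR:
            found.extend(communities_of(value))
    return {
        "communities": [f"{c >> 16}:{c & 0xFFFF}" for c in found],
        "graceful_shutdown": GRACEFUL_SHUTDOWN in found,
        "suppresses_propagation": any(c in (NO_EXPORT, NO_ADVERTISE) for c in found),
    }


# Constructed sample: ORIGIN=IGP, then COMMUNITIES carrying
# GRACEFUL_SHUTDOWN and an operator community 64496:100.
SAMPLE_ATTRS = bytes.fromhex("40010100" "c00808" "ffff0000" "fbf00064")
```

Running `audit_update(SAMPLE_ATTRS)` reports the GRACEFUL_SHUTDOWN community present and no propagation-suppressing community, which is the distinction the proposed security text relies on.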

>
> From https://tools.ietf.org/html/rfc6198
>
> " Security considerations MUST be addressed by the proposed solutions.
>    In particular, they SHOULD address the issues of bogus g-shut
>    messages and how they would affect the network(s), as well as the
>    impact of hiding a g-shut message so that g-shut is not performed."
>
> I may have missed it somewhere?
>
>
> if (initial_ttl!=255) then (rfc5082_compliant==0)
> Donald.Smith@centurylink.com
>
> ________________________________________
> From: GROW [grow-bounces@ietf.org] on behalf of bruno.decraene@orange.com [bruno.decraene@orange.com]
> Sent: Thursday, December 14, 2017 7:42 AM
> To: Ben Campbell
> Cc: grow-chairs@ietf.org; draft-ietf-grow-bgp-gshut@ietf.org; grow@ietf.org; The IESG
> Subject: Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT)
>
> Ben,
>
> Thanks for your review and comments.
> More inline. [Bruno]
>
> > From: Ben Campbell [mailto:ben@nostrum.com]
> >
> > Ben Campbell has entered the following ballot position for
> > draft-ietf-grow-bgp-gshut-12: Yes
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-grow-bgp-gshut/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > I'm balloting "yes" because I think it's important to publish this. But, like
> > Alvaro, I wonder why this is not standards track, BCP, or just about anything
> > but informational. So I support his DISCUSS, including his comments on how
> > to resolve it.
>
> [Bruno] Well noted: we now have 3 ADs asking for STD track.
> If you don't mind, to avoid duplication, I'll follow up on Alvaro's email. (In short, STD track is OK for me.)
>
> > -1, last paragraph: This references RFC 8174, but does not use the actual 8174
> > boilerplate. Is there a reason not to do so?
>
> [Bruno] My mistake: I had a comment to reference RFC 8174 rather than RFC 2119. I was not
> aware that this also implied changing the text.
> My understanding is the following:
> OLD:
>          <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
>          "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
>          and "OPTIONAL" in this document are to be interpreted as
>          described in RFC 8174 <xref target="RFC8174"/>.</t>
>
>
> NEW:
>         <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
>       NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
>       "MAY", and "OPTIONAL" in this document are to be interpreted as
>       described in [BCP14] <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
>       appear in all capitals, as shown here.</t>
>
>
>
> That being said, the irony is that RFC 8174 does not use an upper case "should":
> "Authors who follow these guidelines should incorporate this phrase near the beginning of their
> document:"
> https://tools.ietf.org/html/rfc8174#section-2
>
> --Bruno
>



This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.