Re: [i2rs] Kathleen Moriarty's Discuss on draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and COMMENT)

"Susan Hares" <shares@ndzh.com> Thu, 18 August 2016 12:08 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1107712DA32; Thu, 18 Aug 2016 05:08:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.738
X-Spam-Level: *
X-Spam-Status: No, score=1.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, RDNS_NONE=0.793] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MlxPfxpxX4j2; Thu, 18 Aug 2016 05:08:29 -0700 (PDT)
Received: from hickoryhill-consulting.com (unknown [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8495D12D9DE; Thu, 18 Aug 2016 05:08:27 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.167.170;
From: "Susan Hares" <shares@ndzh.com>
To: "'Juergen Schoenwaelder'" <j.schoenwaelder@jacobs-university.de>
References: <147146974235.23784.4389421535496134619.idtracker@ietfa.amsl.com> <013b01d1f8ee$31fa09b0$95ee1d10$@ndzh.com> <20160818073203.GA4338@elstar.local>
In-Reply-To: <20160818073203.GA4338@elstar.local>
Date: Thu, 18 Aug 2016 08:07:18 -0400
Message-ID: <04b501d1f949$116c63e0$34452ba0$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIa7Lz6VgZw6h2A0uGNzOgAA2Ic8QJ/RF5yARxv/cqfn9jgUA==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/Ph0-xvtxDBkL_6dziCzm3UzkNgM>
Cc: i2rs@ietf.org, i2rs-chairs@ietf.org, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'The IESG' <iesg@ietf.org>, jhaas@pfrc.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's Discuss on draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 12:08:31 -0000

Juergen: 

My example is the looking glass servers for the BGP route views project
(http://www.routeviews.org/) or a route indicating the presence of a
web-server that is public.   For the BGP I2RS route, a yang model could
replace the looking glass function, and provide events for these looking
glass functions.    For the web-server route,  an event be sent when that
one route is added.  

Sue 


-----Original Message-----
From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
Sent: Thursday, August 18, 2016 3:32 AM
To: Susan Hares
Cc: 'Kathleen Moriarty'; 'The IESG'; jhaas@pfrc.org; i2rs@ietf.org;
i2rs-chairs@ietf.org;
draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's Discuss on
draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and
COMMENT)

On Wed, Aug 17, 2016 at 09:16:48PM -0400, Susan Hares wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> > Section 3: 
> > Can you clarify the second to last sentence?  Do you mean there are
sections that indicate an insecure transport should be used?
> >   I2RS allows the use of an
> >  insecure transport for portions of data models that clearly 
> > indicate  insecure transport.
> 
> >  Perhaps:
> >  I2RS allows the use of an
> >  insecure transport for portions of data models that clearly 
> > indicate the use of an  insecure transport.

I still wonder how a data model writer can reasonably decide whether a piece
of information can be shipped safely over an insecure transport since this
decision often depends on the specifics of a deployment situation.

/js

PS: I hope we do not end up with defining data multiple times (once
    for insecure transport and once for secured transports).

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>