Re: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-idr-extended-experimental-00.txt]
Jeffrey Haas <jhaas@pfrc.org> Tue, 01 November 2016 17:31 UTC
Date: Tue, 01 Nov 2016 13:34:14 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Peter Hessler <phessler@theapt.org>, Jared Mauch <jared@puck.nether.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/E28Ix2axkn58PjFK1cied9BPQgk>
Cc: idr@ietf.org

On Tue, Nov 01, 2016 at 06:04:14PM +0100, Peter Hessler wrote:
> if adopted by the WG, I'd be interested in tightening it up a bit more
> but that can be handled then.

On Tue, Nov 01, 2016 at 01:10:59PM -0400, Jared Mauch wrote:
> I’m for adopting this draft as well.
>
> I would like to clean up the security text, as there is a lot of history behind the section 6 text:

Feel free to suggest patches:
https://github.com/jhaas-pfrc/extended-experimental

> 6. Security Considerations
>
> This document does not introduce any new security considerations into
> the BGP-4 protocol. While the injection of unknown or badly
> formatted Optional-Transitive Path Attributes has been and remains an
> issue impacting the stability of the Internet, this proposal doesn't
> increase exposure to that issue. It is rather expected that this
> proposal helps remediate the accidental attack surface that
> incremental BGP protocol work exposes to the Internet at large.
> - snip -
>
> I believe it should acknowledge that in the pre-7606 world the handling
> was as defined but subsequently considered harmful and with 7606 covers
> the risks from this document. Simply put, striking the text after the first
> paragraph and saying the handling in 7606 covers the risk SHOULD be
> sufficient.

Time constraints aside, I thought a bit about this as I was scribbling up a
quick security section. I think it might make sense to do some level of
brief overview of the issues RFC 7606 addressed in prior sections as part of
the motivation of why we need a bit better sandboxing of early work.
Section 1 covers this to some extent. However, I'm not sure it belongs in
the considerations for this document.

-- Jeff