Re: [Idr] Secdir early review of draft-ietf-idr-bgp-ct-30

Kaliraj Vairavakkalai <kaliraj@juniper.net> Tue, 09 April 2024 02:38 UTC

From: Kaliraj Vairavakkalai <kaliraj@juniper.net>
To: Magnus Nyström <magnusn@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-idr-bgp-ct.all@ietf.org" <draft-ietf-idr-bgp-ct.all@ietf.org>, "idr@ietf.org" <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/JLJ7jywuP-ROlyk6kwt8M52I6Mg>

Hi Magnus,

> was this meant to say "existing BGPsec solutions" or "the existing BGP solution"?

I think we should change it to ‘existing BGP solutions’. Agree.

Thanks,
Kaliraj



From: Idr <idr-bounces@ietf.org> on behalf of Magnus Nyström via Datatracker <noreply@ietf.org>
Date: Sunday, April 7, 2024 at 10:17 PM
To: secdir@ietf.org <secdir@ietf.org>
Cc: draft-ietf-idr-bgp-ct.all@ietf.org <draft-ietf-idr-bgp-ct.all@ietf.org>, idr@ietf.org <idr@ietf.org>
Subject: [Idr] Secdir early review of draft-ietf-idr-bgp-ct-30


Reviewer: Magnus Nyström
Review result: Has Nits

Comparing with my original review (-18) the authors have addressed my concerns.
There is one remaining, probably smaller, issue: The Security Considerations
section states: "In order to mitigate the risk of the diversion of traffic from
its intended destination, existing BGPsec solution could be extended and
supported for this SAFI." - was this meant to say "existing BGPsec solutions"
or "the existing BGP solution"? Also, it isn't clear how BGPsec should be
extended - and if it would provide any substantial benefit over the mechanisms
described herein (the remainder of this paragraph states: "The restriction of
the applicability of this SAFI to its intended well-defined scope limits the
likelihood of traffic diversions. Furthermore, as long as the filtering and
appropriate configuration mechanisms discussed previously are applied
diligently, risk of the diversion of the traffic is significantly mitigated.").

