Re: [Idr] Roman Danyliw's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS and COMMENT)
Alvaro Retana <aretana.ietf@gmail.com> Thu, 07 January 2021 20:02 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 774E33A0D08; Thu, 7 Jan 2021 12:02:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4qPIuyTAHQn; Thu, 7 Jan 2021 12:02:12 -0800 (PST)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E709F3A104E; Thu, 7 Jan 2021 12:01:23 -0800 (PST)
Received: by mail-ej1-x636.google.com with SMTP id ce23so11388453ejb.8; Thu, 07 Jan 2021 12:01:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=n8AryuOcsLqhtdtLv9sPeqGkA39PV8bGs3NszDNzirY=; b=LDAED7ApFEA2foNsBqASnzGdvk9XE1ohofY8lhn6yRnXfZBskGu1dj5bAnV07bDKPS jIlFvyAx44WV5i9uOmaxKk+aEOQT5Mv1FmKDnSfaTfgiXtBwk8D7XEUv2gjC1Qi6a559 IvjRWkrJ+kjCxaL2zMomQECJBbyohZTNkrIh2RqbcgNpSpZVorUbLr3/MemqsHcvlI62 oIlcZDRCIdkhgCdLYNWOzLqNRkjOQGdVhcsmHnm0QiHwRKwh+0Wo+QBi06AwAAchVUOr +pI71cFNALDc9xmIk6oejE5HHz852ZGv8MyrU3cxShL/hosh4aAzebYpb5ud+Cc9FjFf XSFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=n8AryuOcsLqhtdtLv9sPeqGkA39PV8bGs3NszDNzirY=; b=DbyEUrFBDTV/GeRwMgOcHrHIZPys8RLCwoZ1hlvQ/1B860CAwy1365HBTAoAc3E29u 1xoRM33iQwIw6hEhA48T1Tf2NPCIqqbiQ8c0e5bOPWhZMWqJQZPRiB7IysjmJDla/q74 u2G9+pslUaJtaccl5oV/wabnVa64eC7z/qAgpOjuH8tGCE/01zghBYKMVqCyER2b9kkq LEt0antyvkIVFEhA3V86zGgzzzY+GjNKlXmbY/IkEhzn9HRyYsBnWZ3zLtdrKmUTjeJN Rj24RHJtvSkCsh2GewDUytYHzgZB9WvNTsjxtbN7r7zVouuxEHRW20oYhAN2JITTh+y0 Z8CQ==
X-Gm-Message-State: AOAM533gt+D7XbtZZ00ODCdOG7NrG/8Si9NFGyz/kmePMJlnQoSG5L8/ P4iRU138uLidECN4C6TRj65kk2Yru3i3FPRESOc=
X-Google-Smtp-Source: ABdhPJxkC4/Yj90tyS4xJ4Gw0J0uttK0tqMb2U5glDq7xQoE8Hkowny2KJ87MZilYmuYNOtFrOQ2Xugw7YI96iuAqY8=
X-Received: by 2002:a17:906:e247:: with SMTP id gq7mr326265ejb.27.1610049682429; Thu, 07 Jan 2021 12:01:22 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Thu, 7 Jan 2021 15:01:21 -0500
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <6290214a809c48418e8f6c90eb1cc027@cert.org>
References: <160700777482.26979.18432434254166024114@ietfa.amsl.com> <DD341C8B-0702-48E1-8411-F99190C8B07D@juniper.net> <6290214a809c48418e8f6c90eb1cc027@cert.org>
MIME-Version: 1.0
Date: Thu, 07 Jan 2021 15:01:21 -0500
Message-ID: <CAMMESsxrjgO93QZdS35c8jBXreC2mPmGjmxEyF_wJ_75SRidzA@mail.gmail.com>
To: John Scudder <jgs@juniper.net>, Roman Danyliw <rdd@cert.org>
Cc: Hares Susan <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000064589b05b854e7d7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/VrIXxIUIEY4Su1xiw3bRRjeXGR4>
Subject: Re: [Idr] Roman Danyliw's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS and COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2021 20:02:15 -0000
Roman: Hi! Happy New Year! John just submitted -21 which should address your concerns. Can you please take a look? Thanks! Alvaro. On December 3, 2020 at 11:09:28 AM, Roman Danyliw (rdd@cert.org) wrote: Hi John! Yes, IMO, making it MUST, doesn't require new text. Saying SHOULD means there is additional behavior to cover with mitigation guidance. I leave it to the WG to determine the right approach. Personally, I agree with your intuition, if someone wants to extend this work they can update it more formally to relax the constraints. Roman > -----Original Message----- > From: John Scudder <jgs@juniper.net> > Sent: Thursday, December 3, 2020 10:59 AM > To: Roman Danyliw <rdd@cert.org> > Cc: The IESG <iesg@ietf.org>; draft-ietf-idr-tunnel-encaps@ietf.org; idr- > chairs@ietf.org; idr@ietf. org <idr@ietf.org>; Alvaro Retana > <aretana.ietf@gmail.com>; Hares Susan <shares@ndzh.com> > Subject: Re: Roman Danyliw's Discuss on draft-ietf-idr-tunnel-encaps-20: (with > DISCUSS and COMMENT) > > Would dialing the SHOULD up to a MUST be sufficient to address your concern? > My previous comment notwithstanding, it occurs to me that if someone does > want to perform an Internet-wide experiment such as I was speaking of, they > could write a spec that updates ours, that relaxes the MUST and provides the > necessary additional security analysis. > > —John > > > On Dec 3, 2020, at 10:02 AM, Roman Danyliw via Datatracker > <noreply@ietf.org> wrote: > > > > [External Email. Be cautious of content] > > > > > > Roman Danyliw has entered the following ballot position for > > draft-ietf-idr-tunnel-encaps-20: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut > > this introductory paragraph, however.) > > > > > > Please refer to > > https://urldefense.com/v3/__https://www.ietf.org/iesg/statement/discus > > s-criteria.html__;!!NEt6yMaO- > gk!UgyOh1apt3GeZZrjSh_rt0RuCTnVgC56GutlFG > > 4vPhwJoDDhz3rRloP77frNgw$ for more information about IESG DISCUSS and > > COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-iet > > f-idr-tunnel-encaps/__;!!NEt6yMaO- > gk!UgyOh1apt3GeZZrjSh_rt0RuCTnVgC56G > > utlFG4vPhwJoDDhz3rRloOT5jjipA$ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > Per the conversation on my original COMMENT (thanks for the quick > > response), > > > https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/idr/hV2t6- > 8mq2dOvmXO-PvLuiON5o4/__;!!NEt6yMaO- > gk!UgyOh1apt3GeZZrjSh_rt0RuCTnVgC56GutlFG4vPhwJoDDhz3rRloOmECod2w > $ , I'm escalating this item to a DISCUSS. > > > > Section 11 > > However, it is intended that the Tunnel Encapsulation attribute be > > used only within a well-defined scope, e.g., within a set of > > Autonomous Systems that belong to a single administrative entity. > > > > As this applicability text should be read as a normative SHOULD, > > please provide a discussion on the risks of open Internet usage in the Security > Considerations. > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thank you to Scott Kelly for performing the SECDIR review. > > > > ** Section 1.5. Per “Because RFC 8365 depends on RFC 5640, it is > > similarly obsoleted.”, this seems inconsistent with the meta-data > > header in the document (as RFC8365 isn’t obsoleted). > > > > ** (original COMMENT, see DISCUSS above) Section 11. Please use > > normative language on the applicability text restricting use to a > > single administrative domain. > > > > OLD > > However, it is intended that the Tunnel Encapsulation > > attribute be used only within a well-defined scope, e.g., within a > > set of Autonomous Systems that belong to a single administrative > > entity. > > > > NEW (or something like this) > > > > However, the Tunnel Encapsulation attribute MUST only be used within a > > well-defined scope such as a set of Autonomous Systems that belong to > > a single administrative entity. > > > > ** Section 12. Typo. s/tunnelling/tunneling/ > > > > ** Section 15. Clarifying text > > OLD > > "hijacking" of traffic (insertion of > > an undesired node in the path) > > > > NEW > > "hijacking" of traffic (insertion of an undesired node in the path > > allowing for inspection or modification of traffic, or avoidance of > > security controls) > > > > > >
- [Idr] Roman Danyliw's Discuss on draft-ietf-idr-t… Roman Danyliw via Datatracker
- Re: [Idr] Roman Danyliw's Discuss on draft-ietf-i… John Scudder
- Re: [Idr] Roman Danyliw's Discuss on draft-ietf-i… Roman Danyliw
- Re: [Idr] Roman Danyliw's Discuss on draft-ietf-i… Alvaro Retana
- Re: [Idr] Roman Danyliw's Discuss on draft-ietf-i… Roman Danyliw