IETF Logo Mail Archive

Re: [Idr] Can we eliminate the "IETF Review" Capablities range? [was: Re: I-D Action: draft-ietf-idr-capabilities-registry-change-04.txt]

Donald Eastlake <d3e3e3@gmail.com> Thu, 23 May 2019 16:46 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0CEB120126 for <idr@ietfa.amsl.com>; Thu, 23 May 2019 09:46:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id moF9a0RW22_N for <idr@ietfa.amsl.com>; Thu, 23 May 2019 09:46:29 -0700 (PDT)
Received: from mail-it1-x12e.google.com (mail-it1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A68BD120127 for <idr@ietf.org>; Thu, 23 May 2019 09:46:27 -0700 (PDT)
Received: by mail-it1-x12e.google.com with SMTP id g24so3936119iti.5 for <idr@ietf.org>; Thu, 23 May 2019 09:46:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=sIux3oXJRWYmiYhx6YatA5+y2bQjUgdzndWy8WLDWN8=; b=RbRRixpCugon7WunHcXgyltZknzHV4ypcjNOj5CMPrOs2K+DQEApuji5SAJtJOuOWY XnBIjZUQUtZkm/d6qSDeAbiV3kMp3XyG2Pv6ZmXMMpb0QOydGQbcoXndrGKADkgU3GPt 5qreIBekBCM6897+K0qXAPwFqdPhNMnhWiAJ8/i883c2N3Wn0MRWNt4FhiU6GZIOqleY uATgEjZnwFUv9NH0FDhlLZX6dfoEUMc/QSslCHDO1SHA8FFJx6Vv/4H+R2tchrHu2YO+ QcI44Wo6NgSLb3+yZGge21HGgaGzFDHVyN/lM/fseajfj50W2jwXQk+IKbz/j+5pNbn0 jwFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=sIux3oXJRWYmiYhx6YatA5+y2bQjUgdzndWy8WLDWN8=; b=Il6T310oTi/JtCtTUT+QwdOgD+qpUz2AQI52OIlqngTrMPfM8UuSjvQSb1FeoVNgf+ DZdXy2rFg8HB1DLF37f+sf41T9d1+/d6jiBYeyjFyNWzLqHMfe1b8aF1Em9/eHfsoACa PUrqVXA8HsAex7Ldz1Ju/tNQOBicRc83qbkmQLczGhUiJN0VllhQRzgpBFq/3xdKJLw5 4Ot2/mwfVqBs7MyvU7FnjzxuG6ULUUCDcAdSbhum0FEb2RhJYT0y8Sgqp10xVXjLnWzl Q1jxcxXQ76dCwD2scKeT96PdmNo2DMwVuAXS+G/5JZo8cmDsEoXtmBBfEVNCeKG77vLv Uelw==
X-Gm-Message-State: APjAAAVzj4aPkIGybzl+0w5ACH9xZ1ZZ91U3zrW5Ph3NbnM11b1mk9JR KU780qDlgXeZjy/lluz7V2I/5DSQcxO2gqchoyizY3/s
X-Google-Smtp-Source: APXvYqwut6GnnSE0DxeIrYgYV0RWkD+ekdRu6FkCEHj5Q4vKxNs05lPV/0nD5z2nSlVlbon4zhxPEuckRv+qEQ7beKo=
X-Received: by 2002:a24:3304:: with SMTP id k4mr7447216itk.161.1558629986198; Thu, 23 May 2019 09:46:26 -0700 (PDT)
MIME-Version: 1.0
References: <155860518236.3859.4116481267193969204@ietfa.amsl.com> <F34580D3-0033-45CA-B90A-78A37DE22F9B@juniper.net> <015701d51184$a55712c0$4001a8c0@gateway.2wire.net>
In-Reply-To: <015701d51184$a55712c0$4001a8c0@gateway.2wire.net>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 23 May 2019 12:46:15 -0400
Message-ID: <CAF4+nEFECnN-UAdYzmtX5ZtjdRqF8fsBfsofm4yWU6daF-ZAmw@mail.gmail.com>
To: "idr@ietf.org" <idr@ietf.org>
Cc: John Scudder <jgs=40juniper.net@dmarc.ietf.org>, tom petch <ietfc@btconnect.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/XbCYHB10jbsw4Xtz0oQLP6nVi-A>
Subject: Re: [Idr] Can we eliminate the "IETF Review" Capablities range? [was: Re: I-D Action: draft-ietf-idr-capabilities-registry-change-04.txt]
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 May 2019 16:46:32 -0000

Hi,

The somewhat limited protection against abuse of First Come First
Served is in Section 3.3 of RFC 8126:

   IANA always has the discretion to ask the IESG for advice or
   intervention when they feel it is needed, such as in cases where
   policies or procedures are unclear to them, where they encounter
   issues or questions they are unable to resolve, or where registration
   requests or patterns of requests appear to be unusual or abusive.

Should IANA not notice abusive requests for FCFS code points such that
enough were consumed to significantly constrain future assignments, I
assume some sort of special I* action would be taken to revoke the
assignments. That being said, I think that in this case the code point
space is so small that some reserved or IETF Review or similarly
restricted subrange should exist.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com

On Thu, May 23, 2019 at 12:33 PM tom petch <ietfc@btconnect.com> wrote:
>
> ----- Original Message -----
> From: "John Scudder" <jgs=40juniper.net@dmarc.ietf.org>
> Sent: Thursday, May 23, 2019 11:10 AM
>
> > On May 23, 2019, at 12:53 PM,
> internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote:
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> > This draft is a work item of the Inter-Domain Routing WG of the IETF.
> >
> >        Title           : Revision to Capability Codes Registration
> Procedures
> >        Author          : John Scudder
> > Filename        : draft-ietf-idr-capabilities-registry-change-04.txt
> > Pages           : 5
> > Date            : 2019-05-23
> >
> > This is a version bump to refresh the draft, which had expired. There
> are two outstanding points I can think of:
> >
> > 1. I’ve received a report of another use of Capability 129 (different
> from the one reported in the draft). I’m following up with the reporter
> to find out if that needs to be documented in the draft, if it does I’ll
> issue a revision.
> >
> > 2. The draft currently leaves Capabilities 1-63 as “IETF Review”. As I
> ’ve mentioned in another thread recently, I’ve become skeptical of the
> value of splitting registries between IETF Review and FCFS. Here are
> some options, listed in order of my own preference:
> >
> > 2.a. Make 1-238 all FCFS.
> > Pro: this is the easiest allocation policy with the least admin
> overhead. There is no decision required as to which range to select, so
> less confusion.
> > Con: there’s a theoretical risk of the number space being completely
> consumed, without any formal way for the WG to prevent it. (A “run on
> the bank”.)
> > Rebuttal: this hasn’t been seen to happen in practice. Also, we do
> reserve 255 in case we need it for future extension.
> >
> > 2.b. Make 1-63 Reserved, 64-238 FCFS.
> > Pro: as above, but without the chance that the number space could be
> completely consumed since 1-63 is protected. If that range is needed in
> the future, another draft can be written to reclassify it as IETF Review
> again, or as whatever is desired at that time.
> > Con: it’s a slightly more complicated solution to what may be a
> non-problem.
> >
> > 2.c. Leave it as written in version 04, 1-63 IETF Review, 64-238 FCFS.
> > Pro: it’s what we’ve already been discussing and nobody (other than
> me, in this note) has raised an objection so far.
> > Con: authors are required to choose between the two ranges, experience
> shows that many assume that IETF Review is “better” for some reason.
> This holds up number allocation, retards implementation, and invokes
> additional administrative overhead without returning any concrete
> benefit.
> >
> > I’d be interested in discussion of these options. Once these points
> are settled IMO the draft is ready for last call.
>
> John
>
> I see it as a question of security.  The Internet used to consist of
> friendly, helpful people who worked together to make it happen.  Now
> there is a whole raft of evil people, some state actors, some
> individual, some corporate - in fact, actors of any kind.
>
> So, if we make it FCFS, and an evil actor sets out to sabotage us, what
> mechanisms do we have to stop them?  Think of the kind of mechanisms
> that routers have to stop them being overwhelmed.
>
> As RFC8126says,
>
> "   It is also important to understand that First Come First Served
>    really has no filtering.  Essentially, any well-formed request is
>    accepted."
>
> so we have no defence against a DoS attack.  We have not had one such
> yet but as they say of pilots, there are those who have landed with the
> wheels up and there are those who will land with the wheels up.
>
> We should reserve enough entries, i.e. IETF Review, to accommodate our
> needs for, say, the next decade.
>
> Tom Petch
>
> > Thanks,
> >
> > —John
> >
>
>
> ------------------------------------------------------------------------
> --------
>
>
> > _______________________________________________
> > Idr mailing list
> > Idr@ietf.org
> > https://www.ietf.org/mailman/listinfo/idr
> >
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr

v2.14.0 | Report a Bug | By Email