Re: [Idr] Warren Kumari's Yes on draft-ietf-idr-shutdown-08: (with COMMENT)
Job Snijders <job@instituut.net> Mon, 22 May 2017 16:57 UTC
Return-Path: <job@instituut.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DD8A126CF6 for <idr@ietfa.amsl.com>; Mon, 22 May 2017 09:57:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=instituut-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ay-4gpuvqkEW for <idr@ietfa.amsl.com>; Mon, 22 May 2017 09:57:31 -0700 (PDT)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9ADE12EB29 for <idr@ietf.org>; Mon, 22 May 2017 09:57:30 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id 7so1440240wmo.1 for <idr@ietf.org>; Mon, 22 May 2017 09:57:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=instituut-net.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=et4jao9L9GwCkhmWny2/h3CJ3qF4h3I4CczNe3anQFM=; b=vpi9bFZBZFoE4ipZwyPAbttvRUPd7Cdoqvw66DLpDmoLH34BMFA4veOYQFnyJTLYLh nQsb97dCSvV+iZLBKx97DQbB2CoMEX08SsPaRZCqXrFrXQeJMXwEc6uQugtPp4aGRKEp A7iV2X6OATyuNQlTQbLf9mc4OqR0vgbselYlogM818EE6RP68FHxVHkWdh2rzorR/OR8 pbMhfEg/c2IKVk3vtut0fr8XLps6UbAlcwZcn2Elk4THiCdaWYOcoxb5k4+FRsYoUWye YVw1OJDH4U8bLIi8ffzXfOuShZbym381TAk/H2iwu+wXtyZsZ6HxII4+JdQZnV4aosXx buiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=et4jao9L9GwCkhmWny2/h3CJ3qF4h3I4CczNe3anQFM=; b=UZDdIRuEayAWIcdNhzUyrhfPvKY97IkYAiNFhi472VA1iTsl2MjuD1mVmM1W7cXqzM AZPgAPIR0KpOSZKnum6V/81qj7QJF/MKdWyhB1uJsHH4DBLcrlwYUiIV+E5CqhgD6NA1 BnS3b5+Ha6BfWH9zIZSmR3zk2f+ZhYirNvENlEul8eTajRcV/dVNm+KLaXnmMFEdgUpB w0tFSuySa4W7knuGNszaruqckoJOxCGv/d0DezthtYcL7FB5uVyPYbnVHzn6gyILUcPm PzBFovG2T/WNIUk6zoY3iNRA6ZBQDKgPVqfV6hMIvPIqgV2p9CAZWe6pZWppvrWpXuhh oDIQ==
X-Gm-Message-State: AODbwcBUb/ryMdJKOfqxCIQkCG7d32fLi/hpw6k8jkVeuHR5gpWm+LCg Vv+Ka8ic/4vioXqj
X-Received: by 10.80.195.17 with SMTP id a17mr18239207edb.9.1495472249299; Mon, 22 May 2017 09:57:29 -0700 (PDT)
Received: from localhost ([2001:67c:208c:10:8d65:8a05:9b0c:6c7e]) by smtp.gmail.com with ESMTPSA id e35sm2767726edb.40.2017.05.22.09.57.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 May 2017 09:57:28 -0700 (PDT)
Date: Mon, 22 May 2017 18:57:27 +0200
From: Job Snijders <job@instituut.net>
To: Warren Kumari <warren@kumari.net>
Cc: The IESG <iesg@ietf.org>, idr@ietf.org, draft-ietf-idr-shutdown@ietf.org, idr-chairs@ietf.org
Message-ID: <20170522165727.j3b66kuiozdzcsnr@hanna.meerval.net>
References: <149547150337.5542.9055637503089744791.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <149547150337.5542.9055637503089744791.idtracker@ietfa.amsl.com>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: NeoMutt/20170306 (1.8.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/am48s3Zv4coiB3ODTbnGftfHle0>
Subject: Re: [Idr] Warren Kumari's Yes on draft-ietf-idr-shutdown-08: (with COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 16:57:33 -0000
Dear Warren,
On Mon, May 22, 2017 at 09:45:03AM -0700, Warren Kumari wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Having had to deal with many instances of "<ring ring>Hey, my BGP session
> with you just went down, whatsup?!", "Yes, it's a maintenance. I sent you
> mail about it last month, then last week, then this morning, then 5
> minutes before pulling the session. You even generated a ticket for me,
> it's # [1432323] 'kthnxbye...<click>" I think that this is the best thing
> since sliced bread (of course, I also thought jabber over BGP was
> cool).
>
> Some nits:
> 2. Shutdown Communication
> Shutdown Communication: to support international characters, the
> Shutdown Communication field MUST be encoded using UTF-8.
> perhaps:
> "MUST be encoded using UTF-8 "Shortest Form" encoding"? (from
> Security Considerations) - or Alexey Melnikov's suggestion...
The Security section already contains normative text to that effect, so
wouldn't that be somewhat redundant?
I can add it, but then would be two references in this document to the
concept of "Shortest Form" encoding, on top of it also being the
recommendation through [UTR36].
> Also, *perhaps* it is worth noting that it might be possible for someone
> to send:
> 'BGP going down\nMay 22 11:19:12 rtr1 mib2d[42]: SNMP_TRAP_LINK_TYPE:
> ifIndex 501, ifOperStatus "Interface is a small turnip", ifName
> ge-1/2/3'
> and that logging of these should strip control characters. This may
> already be covered in syslog...
Stripping / sanitizing is also covered by referencing RFC5198 as per
Alexey Melnikov's suggestion.
As to your direct example, the security section contains:
"This specification minimizes the effects of visual spoofing attacks
by limiting the length of the Shutdown Communication."
If you can suggest different (more accurate) wording that would be
appreciated.
Note: your attempted visual spoofing attack example is 140 bytes, the
specification only allows up to and including 128 bytes.
Kind regards,
Job
- [Idr] Warren Kumari's Yes on draft-ietf-idr-shutd… Warren Kumari
- Re: [Idr] Warren Kumari's Yes on draft-ietf-idr-s… Job Snijders