[Idr] Shepherd report on draft-ietf-idr-bgp-bestpath-selection-criteria-11.txt

"Susan Hares" <shares@ndzh.com> Tue, 04 June 2019 11:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/erF9If0OABv-K4iQFZ3U01XmOI4>

Basic status: ready for IESG with two additions

1. RFC5512 is being replaced by draft-ietf-tunnel-encaps-12.txt

   Page 3, section 3, paragraph 2:

   OLD: /A dynamic signaling such as BGP encapsulation SAFI (or tunnel encap attribute) may be used to convey the data plane protocol chosen by the policy/

   New: /A dynamic signaling such as BGP encapsulation SAFI [RFC5512], or Tunnel encapsulation attribute [draft-ietf-idr-tunnel-encap-12.txt] may be used to convey the data plane protocol chosen by the policy./

   Why: draft-idr-tunnel-encaps-12.txt is going to hit the IESG on June 7th (see John's email)
   Alvaro (AD) and IESG will probably ask for the change.

   Choice: Leave this until AD reviews with my comments or change to my text. It can be an informative reference to [draft-ietf-idr-tunnel-encap-12.txt]

   https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-bestpath-selection-criteria/

2. Your security statement is not strong enough.

   IMHO, this feature can actually help OAM reduce one attack face.

   Old: /This draft doesn't impose any additional security constraints./

   New: /While this draft does not specifically add any additional security constraints, it can provide support for a general error handling that improves the security against some attacks.

   Resolving a route to a particular forwarding path allows BGP routes to be selected on a currently available forwarding path. This feature allows the OAM to only select and track active paths rather than "possible paths". The BGP "possible paths" provide one attack face for insertion of routes that resolve these "possible paths" at a later time./

   If this set of comments works for you, please update this in version-12.

   If not, please consider how to strengthen the security section in version-12.txt.

Once I see your updates in version-12, I will send this off to the IESG.

Cheerily, Susan Hares