IETF Logo Mail Archive

Re: [Idr] WG adoption call for draft-abraitis-bgp-version-capability-08, to end September 25

Donatas Abraitis <donatas.abraitis@hostinger.com> Wed, 11 January 2023 12:50 UTC

Return-Path: <donatas.abraitis@hostinger.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E7E4C14CE2F for <idr@ietfa.amsl.com>; Wed, 11 Jan 2023 04:50:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hostinger.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDu9GJLK4omc for <idr@ietfa.amsl.com>; Wed, 11 Jan 2023 04:50:13 -0800 (PST)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35B0FC14CF1B for <idr@ietf.org>; Wed, 11 Jan 2023 04:50:12 -0800 (PST)
Received: by mail-lf1-x135.google.com with SMTP id bq39so23392393lfb.0 for <idr@ietf.org>; Wed, 11 Jan 2023 04:50:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hostinger.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=qdw11zF4e8zEHopbhTSIrL2P/6ptp0iDHXCxps0eJC0=; b=FnXSxQzwys4B9aFiwy/vHwYyGQFLE7L0FbcC8/2FixreAEE1RjnChMTRqN14y9GwMK S3c8POvxhzbwRKKSm0fXBd9lWLPet+5QMKfdT8fkDWMpvNj0hvjivL1pE7TMrLqIENSM 5h4Jx+h0D3PeiWplCm0rdFCWlOGhQg1KOy2zxu5N8xOkJ8syvc8zZUMnQKA+pP57NS/L SPGrHAOWysBjNBs99lyxJ7AiZY5GjpOq/8oE5ff9vzj2EZD6cqo8qoVyRflAXitiwk31 iiGpYso5QgtS6JZzOLWFjYTS9pHxBajn8I++zeu9HBvytEDx7wQxYuKFC207/dgx/s47 JcKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qdw11zF4e8zEHopbhTSIrL2P/6ptp0iDHXCxps0eJC0=; b=EIMullaAMnDrIyATuNbnmQvj1WvvENiBOgh+baLIGMpVUQW1WW6xi5poslg6ckQcXb O/xly9/33ui1QL4gDSvy8uaRr7WFobyPZ2QDjM9g9vAnOkbrhDd+pCMDeMI1zfIui8yv 1Is8vZXYK8xThs6+8Ii12dIybV8BtkQNvzsTlSz/gImYn32vouoS/TudtZPf6bhp9b7l BSGPWkM3MbqFA7m8ZMFkck6r6xbUrQddqtVAy32NqVsf1CTOxHllbC2ka7BoFemrB29+ fjL65HEyIzPdBz24pn15/yWJmfsSa+NjVUmFqTUin0A0BJG0He8AXn9lomcu1cAkZu7P uchg==
X-Gm-Message-State: AFqh2krlC05SasFL1sWdN6/IsenOu0vpAQspXvXapewQdkY9a0RRbF4g ycD0PjCXzbmIiiyi6lu+vWxvSVXCLJ+ChcKw9qhjBGCfKlSEV9uVpKQUIxa+H6OhuDh2fxAw8lP dBJHmiofhIVI4
X-Google-Smtp-Source: AMrXdXsp8hijtSPhYGU6fPsNkiz/VnxhXSTNgFuf7rUQ4qDWgI9xqs0A0bCFVP6TnCiEt/gLtyMLryuVsi5Qm4k22z4=
X-Received: by 2002:a05:6512:2315:b0:4cc:8fb8:b263 with SMTP id o21-20020a056512231500b004cc8fb8b263mr434487lfu.112.1673441410656; Wed, 11 Jan 2023 04:50:10 -0800 (PST)
MIME-Version: 1.0
References: <081E5E98-8D7B-452E-8517-EECBE72E3D7F@juniper.net> <64E754F4-CB63-4F2E-92A3-43ADEA1EC4AB@juniper.net> <20201028215313.GA8863@pfrc.org> <CAOj+MMFH35TB10gpeX80645qEZF3irFk0XVyyLZzkXagcTtwAA@mail.gmail.com> <20201029113316.GB8863@pfrc.org> <CAOj+MMHvVgP0SSTSLqcUHizfk_kR1tUjo0u8p3AnKiuHFr=VaQ@mail.gmail.com> <BYAPR11MB3207AE20610604C5310C0BBAC0140@BYAPR11MB3207.namprd11.prod.outlook.com> <007c01d6ae71$4513eec0$cf3bcc40$@tsinghua.org.cn> <8560_1604052018_5F9BE432_8560_210_1_53C29892C857584299CBF5D05346208A48FDBBFD@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <20201103163259.GC7455@pfrc.org> <CAJwpseXrj46EY7ccXYNH-aWqfykGD99obOaA5qLMNHfoWG7ptQ@mail.gmail.com> <CAMMESsx=c__3UR57zCXLUp62q2ua9YXPT90f-ThqDUJzCYiGjQ@mail.gmail.com> <CAOj+MMG+_aHkc0=+FNvJ8tcTu9W-GpmVxJf=6JeD=zZK+AyjUw@mail.gmail.com> <CAJwpseWAt5oUEMqUE85m+PNSEv_kfONScUSdGooq4XpP6EwFYg@mail.gmail.com> <CAOj+MMHCvyE7vDiP3iBOC+EHgpBsKUESXs4GvcHFbHj_VSChTg@mail.gmail.com> <CAJwpseWOaqP6zXYY2gPN3J47gEbDfcyCtt91C9PH5nZDnK6vJQ@mail.gmail.com> <CAOj+MMGTXB+XSyXCJKugVzKwEi=u8d7nP1LzKdYKJcSHXd9CiA@mail.gmail.com> <CAJwpseULj4_FTELt9WQbU8jqDVdO_GNUvcFxgxQONWViYzksVQ@mail.gmail.com> <CAOj+MMFnawJt=J2z0qWNmkPLoq6n+F9tKC+F+_hBtpJ=Xqe8iA@mail.gmail.com> <CAJwpseXG0SCN=+XZQqYavzu=i4sTetyKRDVDHrRg0mbD14BuCQ@mail.gmail.com> <65C185D6-D194-4865-A678-8F85EFB50DAD@pfrc.org> <CAOj+MMG6y0B6ZaPwLSn+5rvmuhtKWvEBw8MWAOgLWtw7n3dUag@mail.gmail.com> <A09C18C3-5038-4719-931B-2C86A3BCFF49@pfrc.org> <CAOj+MMFRKx5qHS5ZGaUcwwVMHB=sKnyxqP0F53XUeqhTR=tufA@mail.gmail.com> <BYAPR11MB3207F034217BE9E981B7D4CEC0FC9@BYAPR11MB3207.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB3207F034217BE9E981B7D4CEC0FC9@BYAPR11MB3207.namprd11.prod.outlook.com>
From: Donatas Abraitis <donatas.abraitis@hostinger.com>
Date: Wed, 11 Jan 2023 14:49:58 +0200
Message-ID: <CAJwpseU5_rUaC+PXgt=AU=DJ3umc-1DfH2pcNZ=We6iWHz_hrQ@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: Robert Raszuk <robert@raszuk.net>, Jeffrey Haas <jhaas@pfrc.org>, Alvaro Retana <aretana.ietf@gmail.com>, Bruno Decraene <bruno.decraene@orange.com>, IDR List <idr@ietf.org>, John Scudder <jgs@juniper.net>
Content-Type: multipart/alternative; boundary="000000000000d5c07005f1fc7001"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/mdrNYMPIK-3UZ8LbDqYkfT-n-ag>
Subject: Re: [Idr] WG adoption call for draft-abraitis-bgp-version-capability-08, to end September 25
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2023 12:50:17 -0000

>Roughly the right idea, but your examples probably don't quite hit the
level of specificity that you're looking for.  For example, Juniper has
different products that ship as a given version number and may vary
slightly by platform.

That's why a free form is IMO just a way to go because who knows what's
gonna happen with the format vendors are planning to use?

>If we would use URL to carry a pointer to the information the URL can be
shortened to be a fixed length of a few characters which could be really
easy to process and presented  to users in a pretty uniformed way
across any receiver.

I don't think this is the right place to show URLs and even more, waste the
operator's time (automated or not).

On Wed, Jan 11, 2023 at 2:13 AM Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> I think if we can settle on a way to avoid collisions, it should be fine.
>
> So, in my case, for example: “
> cisco.com/XR.7.9.1/optionalstringtoencodefeatures”.
>
> I promise not to send my customers’ peers to malicious websites.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* Tuesday, January 10, 2023 3:20 PM
> *To:* Jeffrey Haas <jhaas@pfrc.org>
> *Cc:* Donatas Abraitis <donatas.abraitis@hostinger.com>; Alvaro Retana <
> aretana.ietf@gmail.com>; Jakob Heitz (jheitz) <jheitz@cisco.com>; Bruno
> Decraene <bruno.decraene@orange.com>; IDR List <idr@ietf.org>; John
> Scudder <jgs@juniper.net>
> *Subject:* Re: [Idr] WG adoption call for
> draft-abraitis-bgp-version-capability-08, to end September 25
>
>
>
> Hi Jeff,
>
>
>
> Very good points.
>
>
>
> But I am not sure if they are really applicable here ?
>
>
>
> Keep in mind that we are talking about p2p BGP OPEN Msg between PE & CEs
> (computes with lot's of machines - bare metal or virtual). Moreover what is
> proposed is really informational with little to no bearing into operational
> aspects of the subject BGP session.
>
>
>
> So while I am all for making right, robust and secure protocol encoding
> decisions it seems that especially in BGP we have lot's of other security
> holes which if exploited could have a much bigger negative impact.
>
>
>
> Regards,
> R.
>
>
>
> On Wed, Jan 11, 2023 at 12:11 AM Jeffrey Haas <jhaas@pfrc.org> wrote:
>
> Robert,
>
>
>
> Please note that the points I'm about to make is intended to more broadly
> discuss the URL issue and isn't saying you're making these recommendations.
>
>
>
> On Jan 10, 2023, at 5:47 PM, Robert Raszuk <robert@raszuk.net> wrote:
>
>
>
> I would like to just highlight one IMHO very cool property hidden in yr
> note ... If we would use URL to carry a pointer to the information the URL
> can be shortened to be a fixed length of a few characters which could be
> really easy to process and presented  to users in a pretty uniformed way
> across any receiver.
>
>
>
> Before we move forward with any specific shortened-URL proposal, it's
> likely we'll want to get comment from those with expertise in the security
> implications of shortened URLs.
>
>
>
> Certainly, many vendors maintain a domain name for shorter URLs for
> various contexts.  That's likely not the main concern.
>
>
>
> URL shortening services are probably a Very Bad Idea since they're in an
> entire vector of attacks on their own.
>
>
>
> (We also introduce all of the interesting headaches about interaction with
> the PKIX certificate infrastructure.  See my prior comments in the BGP
> autoconfiguration discussions if you're interested.)
>
>
>
> One possible mitigation for some of the attacks given the problem to be
> addressed is to permit an IANA registered prefix for the URI/URL.  This
> means rather than carrying a potentially long URL to a specific resource,
> you carry something like the Private Enterprise Number's[1] instance of
> your registered prefix and a suffix portion of the URL.  The rest of the
> data is contained in the structured data at the other side of the expanded
> URL.
>
>
>
> I'd encourage Donatas to continue the discussion on such structured data
> before we worry over-much about how to point to it in BGP. :-)
>
>
>
> -- Jeff
>
>
>
> [1] https://www.iana.org/assignments/enterprise-numbers/
>
>

-- 

*Donatas Abraitis*
*Principal Systems Engineer*
@: donatas.abraitis@hostinger.com
W: www.hostinger.com

-- 
This
 message and its attachments may contain privileged and confidential 
information. If you are not the intended recipient, do not use, copy, or
 
disclose this information. Please notify the sender and permanently 
delete 
the message from your system.

v2.23.0 | Report a Bug | By Email