Re: [Idr] Shepherd report on draft-ietf-idr-bgp-bestpath-selection-criteria-11.txt
"Susan Hares" <shares@ndzh.com> Tue, 04 June 2019 11:23 UTC
From: Susan Hares <shares@ndzh.com>
To: idr@ietf.org
Cc: draft-ietf-idr-bgp-bestpath-selection-criteria@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/wr_SVGr30xvEmldqleSqqaHNnp8>
I missed one other editorial issue that must be resolved in the abstract in version 12.

Old:/ BGP specification prescribes 'BGP next-hop reachability' as one of the key 'Route Resolvability Condition' that must be satisfied before the BGP bestpath candidate selection./

New:/ BGP specification (RFC4271) prescribes 'BGP next-hop reachability' as one of the key 'Route Resolvability Condition' that must be satisfied before the BGP bestpath candidate selection./

Sue Hares

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares
Sent: Tuesday, June 4, 2019 7:16 AM
To: idr@ietf.org
Subject: [Idr] Shepherd report on draft-ietf-idr-bgp-bestpath-selection-criteria-11.txt

Basic status: ready for IESG with two additions

1. RFC5512 is being replaced by draft-ietf-tunnel-encaps-12.txt

Page 3, section 3, paragraph 2:

OLD: /A dynamic signaling such as BGP encapsulation SAFI (or tunnel encap attribute) may be used to convey the data plane protocol chosen by the policy/

New:/A dynamic signaling such as BGP encapsulation SAFI [RFC5512], or Tunnel encapsulation attribute [draft-ietf-idr-tunnel-encap-12.txt] may be used to convey the data plane protocol chosen by the policy./

Why: draft-idr-tunnel-encaps-12.txt is going to hit the IESG on June 7th (see John's email). Alvaro (AD) and IESG will probably ask for the change.

Choice: Leave this until AD reviews with my comments or change to my text. It can be an informative reference to [draft-ietf-idr-tunnel-encap-12.txt]

https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-bestpath-selection-criteria/

2. Your security statement is not strong enough. IMHO, this feature can actually help OAM reduce one attack face.

Old: /This draft doesn't impose any additional security constraints./

New:/ While this draft does not specifically add any additional security constraints, it can provide support for a general error handling that improves the security against some attacks.

Resolving a route to a particular forwarding path allows BGP routes to be selected on a currently available forwarding path. This feature allows the OAM to only select and track active paths rather than "possible paths". The BGP "possible paths" provide one attack face for insertion of routes that resolve these "possible paths" at a later time. /

If this set of comments works for you, please update this in version-12. If not, please consider how to strengthen the security section in version-12.txt.

Once I see your updates in version-12, I will send this off to the IESG.

Cheerily, Susan Hares