Return-Path: <jhaas@pfrc.org>
X-Original-To: idr@mail2.ietf.org
Delivered-To: idr@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id 047048CD5FD8;
	Wed, 19 Nov 2025 15:02:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
	SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=pfrc.org
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Oc8j5lhsMAAx; Wed, 19 Nov 2025 15:02:52 -0800 (PST)
Received: from prospero.pfrc.org (prospero.pfrc.org
 [IPv6:2a02:4780:2d:e7d4::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id 7D44F8CD5FD0;
	Wed, 19 Nov 2025 15:02:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pfrc.org;
	s=prospero20250622; t=1763593364;
	bh=oLvZ2Xm/5FenUQ0rlEjzuxdExwOQbiYfm1uQ2JdlEoc=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
	b=DJUUGklYwxFRFF/n4iSfGqQzBOMJr+rw8MzUUW9zjFzDh9O1yEIph9+dpZVP3q+Xs
	 T9RCwcCW7ZwJfu4BuEfVE2rrPm3CZcJMZWqz7NNX0ZC0cRAaM9jZ9ZPwth1gAK6YYc
	 59GcoLtDA6JGr1k83helnMAkRH/GszIx/A+KtXEI51AmT0J2XwamG97ITPwmK4SBsM
	 dpAullq7JESQ8D5wlHqi5V7bNP8fcqJ3F1QgEfG2sl+l4xarX7+hWXwnZQCLaznQVP
	 eAvl3ZG1zF8yCetMkW8l3eyz8YdPpspcZ0hfu/QpV+CzTZTiFJZFb3314wYEK3oy+6
	 VTPISZOJ3u9Og==
Received: from [IPV6:2600:1702:80c0:8960:6564:d851:4659:f75e] (unknown
 [IPv6:2600:1702:80c0:8960:6564:d851:4659:f75e])
	by prospero.pfrc.org (Postfix) with ESMTPSA id A442B80006;
	Wed, 19 Nov 2025 23:02:44 +0000 (UTC)
Content-Type: multipart/alternative;
 boundary="------------Y1M0iwqfTzRXLGPuErY8W90n"
Message-ID: <39353f41-b19c-4dea-bde1-a6c278a019c7@pfrc.org>
Date: Wed, 19 Nov 2025 18:02:44 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Ketan Talaulikar <ketant.ietf@gmail.com>,
 Deb Cooley <debcooley1@gmail.com>
References: 
 <176107589259.922.7123160603901796938@dt-datatracker-675c8fd764-bsflw>
 <CAH6gdPyJ55853-UdL6RuDnHcd4nohMARY6JyeaCehXg_zZnarA@mail.gmail.com>
Content-Language: en-US
From: Jeffrey Haas <jhaas@pfrc.org>
In-Reply-To: 
 <CAH6gdPyJ55853-UdL6RuDnHcd4nohMARY6JyeaCehXg_zZnarA@mail.gmail.com>
Message-ID-Hash: NPFQZ7TRYAO6NSGTGHAA5QOBCU2XNL6G
X-Message-ID-Hash: NPFQZ7TRYAO6NSGTGHAA5QOBCU2XNL6G
X-MailFrom: jhaas@pfrc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-idr.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-idr-link-bandwidth@ietf.org,
 idr-chairs@ietf.org, idr@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: =?utf-8?q?=5BIdr=5D_Re=3A_Deb_Cooley=27s_No_Objection_on_draft-ietf-idr-link?=
 =?utf-8?q?-bandwidth-19=3A_=28with_COMMENT=29?=
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/idr/x9J0RdnORjfdjH8L8nocsNqmLTU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>

This is a multi-part message in MIME format.
--------------Y1M0iwqfTzRXLGPuErY8W90n
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit


On 11/19/25 12:06, Ketan Talaulikar wrote:
> Hi Deb,
>
> I see that the authors have not responded to your comments and so I 
> will attempt to clarify. The authors/WG should feel to respond/clarify.
>
> On Wed, Oct 22, 2025 at 1:15 AM Deb Cooley via Datatracker 
> <noreply@ietf.org> wrote:
>
>     Section 6, para 1:  This specification points to RFC 4360, which
>     points to RFC
>     1997, which says that Security Issues are not discussed. I'm
>     guessing it isn't
>     that part of the RFC 4360 Sec Con section that is being referred? 
>     RFC 4360
>     does also have a short note on the need for a 'transitive trust
>     relationship
>     back to the source of the information' and that the mechanism for that
>     relationship is out of scope. If this concept is still an issue,
>     perhaps it
>     should be in 'Operational Considerations?
>
>
> KT> Looks like RFC4360 skimmed through reviews on this front. If it is 
> any consolation, the IDR WG is working on RFC 4360bis and this comment 
> is better addressed there. I will drop a message to the authors of 
> that draft to point this out. That said, it seems not appropriate for 
> this specific type of Extended Community to take the burden of 
> security considerations applicable to all extended communities in 
> general. Does that work?

Indeed, please let's try to patch core spec deficiencies in this draft.

That said, this is an excellent moment for the IESG to decide what 
security deficiencies are in the core spec and get those added as issues 
to the 4360 bis in github.  We're hoping to move that to IDR working 
group last call soon and this bit of reflection would be helpful.

-- Jeff


--------------Y1M0iwqfTzRXLGPuErY8W90n
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 11/19/25 12:06, Ketan Talaulikar
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAH6gdPyJ55853-UdL6RuDnHcd4nohMARY6JyeaCehXg_zZnarA@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div dir="ltr">Hi Deb,
          <div><br>
          </div>
          <div>I see that the authors have not responded to your
            comments and so I will attempt to clarify. The authors/WG
            should feel to respond/clarify.</div>
          <br>
        </div>
        <div class="gmail_quote gmail_quote_container">
          <div dir="ltr" class="gmail_attr">On Wed, Oct 22, 2025 at
            1:15 AM Deb Cooley via Datatracker &lt;<a
              href="mailto:noreply@ietf.org" moz-do-not-send="true"
              class="moz-txt-link-freetext">noreply@ietf.org</a>&gt;
            wrote:<br>
          </div>
          <blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Section
            6, para 1:  This specification points to RFC 4360, which
            points to RFC<br>
            1997, which says that Security Issues are not discussed. I'm
            guessing it isn't<br>
            that part of the RFC 4360 Sec Con section that is being
            referred?  RFC 4360<br>
            does also have a short note on the need for a 'transitive
            trust relationship<br>
            back to the source of the information' and that the
            mechanism for that<br>
            relationship is out of scope. If this concept is still an
            issue, perhaps it<br>
            should be in 'Operational Considerations?<br>
          </blockquote>
          <div><br>
          </div>
          <div>KT&gt; Looks like RFC4360 skimmed through reviews on this
            front. If it is any consolation, the IDR WG is working on
            RFC 4360bis and this comment is better addressed there. I
            will drop a message to the authors of that draft to point
            this out. That said, it seems not appropriate for this
            specific type of Extended Community to take the burden of
            security considerations applicable to all extended
            communities in general. Does that work?</div>
        </div>
      </div>
    </blockquote>
    <p>Indeed, please let's try to patch core spec deficiencies in this
      draft.</p>
    <p>That said, this is an excellent moment for the IESG to decide
      what security deficiencies are in the core spec and get those
      added as issues to the 4360 bis in github.  We're hoping to move
      that to IDR working group last call soon and this bit of
      reflection would be helpful.</p>
    <p>-- Jeff</p>
    <br>
  </body>
</html>

--------------Y1M0iwqfTzRXLGPuErY8W90n--