Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12

"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Tue, 16 March 2021 19:36 UTC

Return-Path: <jalcaide@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F363A0C86; Tue, 16 Mar 2021 12:36:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=NHxc6Z3C; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=QRethIyb
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AxTIDQWkfg1C; Tue, 16 Mar 2021 12:36:11 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA06A3A0C84; Tue, 16 Mar 2021 12:36:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2776; q=dns/txt; s=iport; t=1615923371; x=1617132971; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=hEWfuiXIbsqB3cIu/7957WP/TV1fSrbLxOvk7q/fquM=; b=NHxc6Z3CrEfCkPEFmDmSg0oN0soZk0WQgjTXHRxnw6z4Np6jFteTSP/e dTBS5HfZ0N8xEvsfPVR/waAlIGxROjoa0sMao8EwHRgz/Gyn+j4jPgZVc SJrkYZqav9yVF2ZVGbbVnn/47vCfI4qtrkosawu+A0gAXvEtHHavaEIrn 8=;
X-IPAS-Result: =?us-ascii?q?A0B5AACLB1FgkJRdJa1aHQEBAQEJARIBBQUBQIE9BgELA?= =?us-ascii?q?YFSUYFXNjEKhDeDSAOFOYhEmS6BLoElA1QLAQEBDQEBMgIEAQGETQIXgV8CJ?= =?us-ascii?q?TYHDgIDAQEBAwIDAQEBAQUBAQECAQYEFAEBAQEBAYY4DYZFAwMjEQwBATAHA?= =?us-ascii?q?Q8CAQgODAImAgICMBUQAgQBDQ2CaIJWAy8BA6IUAooed4EygwQBAQaFJxiCF?= =?us-ascii?q?AmBDyoBgnWECYZEJhyBSkKBEUOCWD6EQ4MUNYIrgkQIYgSBZGsWJxSUFaYMC?= =?us-ascii?q?oMCnGCDPpBfj3iUdKJUAgICAgQFAg4BAQaBWwwlgVlwFYMkUBcCDY4fDA0Jg?= =?us-ascii?q?02KWXM4AgYBCQEBAwl8iyotgQcBgQ4BAQ?=
IronPort-PHdr: A9a23:MxQVRh1qGquYh3RFsmDPW1BlVkAck7zpIg4Y7IYmgLtSc6Oluo7vJ 1Hb+e4FpFDMVITfrflDjrmev6PhXDkG5pCM+DAHfYdXXhAIwcMRg0Q7AcGDBEG6SZyibyEzE MlYElMw+Xa9PBtaHc//YxvZpXjhpTIXEw/0YAxyIOm9E4XOjsOxgua1/ZCbYwhBiDenJ71oK xDjpgTKvc5Qioxnec4M
IronPort-HdrOrdr: A9a23:mm12RaEcR5t5K1WupLqEeseALOonbusQ8zAX/mp2TgFYddHdqt unm+4V2QSxpDEaXnwhnt7oAtjjfVr385lp7Y4NeYqzRQWOghrKEKhOz6vHhwfhFSr36/JH2c 5bGMJDIfD5EFQSt6rHySa1H9sqyNOEtICE7N2uq0tFYhptb8hbgTtRLia+PglISBJdBZw/fa D92uNiqyC7cXoaKuSXb0NpY8H5q9fGlI3rbHc9bnYawTOThjCl4qOSKXel9yoZOgkv/Z4StV LoqUje+ristfG9xHbnpgru06g=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,254,1610409600"; d="scan'208";a="654968266"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Mar 2021 19:36:08 +0000
Received: from mail.cisco.com (xbe-aln-006.cisco.com [173.36.7.21]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id 12GJa8YO025680 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 16 Mar 2021 19:36:08 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xbe-aln-006.cisco.com (173.36.7.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Tue, 16 Mar 2021 14:36:08 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Tue, 16 Mar 2021 14:36:07 -0500
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 16 Mar 2021 15:36:06 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mvEIOXZC/2o9+AgfE0WUMrhmBrKKgYxvoD0KFaWOdjWhXdbQtffLLKYGLu82Qa4lviNBNgZ69cMyHaP3VPB4txHshrAzZ8lqiFM4CNP5vjaYKJrZGdhS0wyyX269BdWbSiFA/7eiSdcznzRPCI0MdmemdplkdOMLObnoLY8KSuI5BeN/ATI1la1plQ223IpkVJzVS/Re+PeBqsZu5OqeinfuSI+nDDVnz/AC9ngpZexhYDTvsvL81aDW2AsRrVhPVHAXvjPteGETxFwXjxK2QRmyaf8gD0FBXZslVpqVUqc4S+kSbdh0B1LxfRQNRGFBm+uC7QFiZu/KkKLbJcJf3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hEWfuiXIbsqB3cIu/7957WP/TV1fSrbLxOvk7q/fquM=; b=L6PBb6/yBd+nqWeLxZIg2YEMTfS4uar9tGJosRM8824mJX89oSiaen4rq8Ra1HY57t2uTsOpWyBriVtWkZ2/o2YOJ2A0qzf40c2g3I3Jm1iYPEPnbRWQmh3SQkkdGiAu4MTecWuQIcyuT3M+nhzN5PWWlZl6fWFSSue7graTxH6x8YnNAJL3bruHUccCOF6OmfPNWuM8Q53GC3hqEIcl5tX2hexQ991+9YhlBrAPae1HEEGdCU13pK1aRQAMmldrvU9Eqi663w/RTLknrQryPExyna/EAKHgJ/vvASdtvvPCfr1idff7JdE/P/ZhAzMe5/0mhAnV6s8AnfoL7XE4BA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hEWfuiXIbsqB3cIu/7957WP/TV1fSrbLxOvk7q/fquM=; b=QRethIybL6ANY2mC+UdxVr9Zqd6LVrhnmkUJjnHkfOnCicMGpA6e30/W6sM454v/W8WoA5b6HUGu598pWyl+R0K9cG+yIh9rDK0f9owLB7p3Bt4rjDSIlCDyAFiz17WWmC4DIxK5P9KrjiWsuUdsJiwrBbRJq+7wXGoYMnGQlIY=
Received: from DM6PR11MB3194.namprd11.prod.outlook.com (2603:10b6:5:5c::25) by DM5PR11MB1676.namprd11.prod.outlook.com (2603:10b6:4:10::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Tue, 16 Mar 2021 19:36:05 +0000
Received: from DM6PR11MB3194.namprd11.prod.outlook.com ([fe80::749f:f98b:7d54:c223]) by DM6PR11MB3194.namprd11.prod.outlook.com ([fe80::749f:f98b:7d54:c223%3]) with mapi id 15.20.3933.032; Tue, 16 Mar 2021 19:36:05 +0000
From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>
CC: Susan Hares <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>
Thread-Topic: AD Review of draft-ietf-idr-bgp-flowspec-oid-12
Thread-Index: AQHW9QDI2xQHpdk2Z0uhqDf2mVgKOap9sTZAgAA2NYCACB0UUIABM80AgAAKxJA=
Date: Tue, 16 Mar 2021 19:36:05 +0000
Message-ID: <DM6PR11MB3194D8C6B94EAD8E1CB2B4C5CD6B9@DM6PR11MB3194.namprd11.prod.outlook.com>
References: <CAMMESsxqRWK2vDPyj-0_ruYoW7pkautFc09MoFBUTKxG23=tyA@mail.gmail.com> <DM6PR11MB3194B28B0BD8A3AF913ECB0ECD919@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESsyUtogXkjiQGfP=SDXzNdOu-FJ-e1-NbppD_mZcq+yGkQ@mail.gmail.com> <DM6PR11MB3194D2E820E675E9C1D65639CD6B9@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESswZE+2SD_pFnzXC50cVvJf6XuoWf+uGhkvk7hGsrP0G2w@mail.gmail.com>
In-Reply-To: <CAMMESswZE+2SD_pFnzXC50cVvJf6XuoWf+uGhkvk7hGsrP0G2w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [83.58.38.13]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 87476634-4570-4947-0fb1-08d8e8b2bd94
x-ms-traffictypediagnostic: DM5PR11MB1676:
x-microsoft-antispam-prvs: <DM5PR11MB167605133316463CDFCF36BBCD6B9@DM5PR11MB1676.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3LHC1T9l8tzY0d9pEQ2S9VV4n1x+jy5dHbHVJHTPRjOzjBSvzQ27G0yL+7EYNe+d4ITPqyDkTt/3ZlRa4Va1vD/u//BA6giHy5xw4F+ksN8r6/d026UNbvnK9Ume6Q+961tg+mNhDqNQXOOG12CUSV3h82N3OqOvWFO33KPUTbC26W1pxjnAF27M2642hKKudORDDkD7OeN72/W01j/ntU1VJkc8KmOh7lo/yuPG/OHK69WKNQ78//UjwtwnaLvttPx7k+v6xGTe1txoC3RbBap4JLT7FKTyTZ82omrE9GjilL5LwES3LogmW4xorpwQnT/hFnTKNwyxy4eOCRPvnqHmalNBcu6PeVvjgAlVBu9XLr+ozSEFd5ckbiLo8Boe51MF8ijcHydL8Vq7Crrkk+8T5R2uXrVufW9fQfqUSzbxKJ2nsWK8NpaEr1SF2poOtxxSuQNxQri14T5M4gZqDSfL12hewqAUadT3x5ERiKz8wxl3m5u95rDk52okn+riTUCv+lDLwOTz/bc5FAjxZw0JHRdkq06OgeHR+lYqmM0AQK7J5bedqGbPtAb0syHSVrJr3hjyH1Zl45xQ710jmKdBQMDNxwGAfIxpTCyz330=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB3194.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(346002)(366004)(39860400002)(376002)(136003)(33656002)(66946007)(83380400001)(76116006)(478600001)(186003)(5660300002)(86362001)(2906002)(66574015)(66556008)(8936002)(71200400001)(110136005)(54906003)(7696005)(66476007)(55016002)(8676002)(26005)(4326008)(52536014)(6506007)(64756008)(316002)(66446008)(9686003)(21314003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?K3BnSzBpRE04Um10cUZxeElpZmg3bWhHVlU4WkplS2lkNGZxTnI0WURpbTVD?= =?utf-8?B?UFVTMG11WFkwMTZHaEx0ZyttTU5YaENCWHB2VHRHZS9pVThHL1JiTGxkd1V1?= =?utf-8?B?VVZRM2h4SFA1dkVKR2c5S2g3VE5hc0ZFVmZKTjBWUnlPdmZra3lCY2U3MlA5?= =?utf-8?B?UGZjYjl6Rk9xMFZLZlUxN3Yya0dsUURqWUJJUTdBY0xZSWtlTzhqRVdXckI1?= =?utf-8?B?TElNeGdzSlZ6YUVOMnQ2NDM1S2FFSGtXQ2twNTFqOVh5blZmU1dQQzk3OUt4?= =?utf-8?B?Mm93dXFnaWp1Sy9lVk8wRXk2Tnl3SXg4aUR2cGN5bmFNM3FBQnE0UW43aXlK?= =?utf-8?B?TjBJaWlUb2hpVklDaWZHQzdpYWFCSCszUklkdzV6YmhLbEVoMXdXWk1mL3hF?= =?utf-8?B?RFFzdDNLWXlmeGVOek9lS3h3T1BQRFl6YkR4RkVUNDhLZlV2cGY4SEZBSDNj?= =?utf-8?B?TTFMQ1BOOTE1OENUdnJUZ1lZalFWd0d1TkRTMGVrM01QNFhsUTVqUFBjZ3Y1?= =?utf-8?B?RXN4c2NpdXFtNkZqVEZsVmI4V0dLNWpRQmtCeW56VHJtNXZTS2lXRWtUWFd5?= =?utf-8?B?Y24xUm5vRXgyQW10M095UnZ4M01oVGgxQXZuekszZmljelRmcEpIQi9VRTU5?= =?utf-8?B?Wm16SzhFc2haZWc4NHdWYkREK243cWZyeWRJZXF2SWFOaEorTlVjR2ZiNjNU?= =?utf-8?B?eCtqeDF3Z1VuNmg5MnFSalQwM3lndk1PRVpuN085WHhuMUZ3Ti9CZGpTY1JK?= =?utf-8?B?TjJCaGl5SlkvYUpsY3VnS09OSUo0RDYwK3E3VXpnWDdtaGtDWHpjVjhUTklX?= =?utf-8?B?MU9tbWwvWWRVTW5PS1JFR2hCc3JTTWdJQS9FVDFBaEdtbHQyOGZMQnBWSmx6?= =?utf-8?B?VVVhcHp0VnJMQkdJT0pVZkpKeHlEMzBMYjJRV0hBNk15cS9iNm1zbk4vbFJa?= =?utf-8?B?TjY4Tk1RbG5CckQ0TllGVFhhRnZIamlabzFaL1JoTzEyVUFnUFozU28rSXQy?= =?utf-8?B?eEF6akh2dUpPZ0pnRi8rS3ZMU1VaTFdoc0N5QjM0K1VCN1Y2L21kclVSNVFK?= =?utf-8?B?OFNQZmpHVGFrckVYeUtnVjYvZkZlcitoNWI3VDk1eWh1Rms5Q1NWVmNYSzYv?= =?utf-8?B?ODdIeVFCemlTbjlOQ0VLMXZIUmZWOG5LU0p1UE5tSERoNUcraTUxZ2hBa0pO?= =?utf-8?B?TER0TjhPclkvN1dHOUtpM28rVjBFU2h0ZlZya0RQWkFUTHhyRWxlNzE5K3A2?= =?utf-8?B?WXVPTGlRZjAzeTd1OU16VmE5UW5FZjFOeExFM1pjdUdYa3MyaFdZcmZlZ0Ro?= =?utf-8?B?YlZJdmtMSDNQU0hpcjZyQTFiTmVKd1c0aG9LUU5Td0hQZThSdHVZYlFrLzRU?= =?utf-8?B?Zmk5UWZxZ1NUM0NiVXRzZ25LbUVLSHUreEZQSlUrdXIxYWdteHZoREZVTVgx?= =?utf-8?B?Tk82YzczUU8zRUFhNzJhK3ZNVmZ0d2hYenk4c3pZOTlWZjI5VzEzN3luRnUy?= =?utf-8?B?SXhDVmlCNFZXYytpbGNEVTZTV1JhZ0QzQllmaTh5QmdMMVZDS3BKUDhLcXhO?= =?utf-8?B?NXM2RW5tT1RBU3E1NDYwakZlYiswZGgwUGZsODRQUml2Y2hvVEgwNmdWOW8x?= =?utf-8?B?STR3cm1sWUpwc3owNDJiQzAvMTE4TmkyZSsrV0FwSEpsY2VQeTJ2NG1VZm81?= =?utf-8?B?K0wyalNXVUViVCs4VnVLTUt3SFlmaWVsWmE3cnpITGl6QStnTkxCUFRMZ2hH?= =?utf-8?Q?nwB65UeGML0dSlmfdo=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB3194.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 87476634-4570-4947-0fb1-08d8e8b2bd94
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2021 19:36:05.3546 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0hyCjQsfCsSl9jOApBrlJuRCwzFOyfuKkAyLqd5IEPu6sDdrckIw2GSSQXYFIviJIwng1NfS101hAQJVBCpECA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1676
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.21, xbe-aln-006.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/y_Wn8cp2GT3-EIrs1S9eKzi4KVU>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2021 19:36:13 -0000

Inline



The "normal" iBGP case is different than the confederation case where we do find an eBGP relationship.


[JUAN]:

Consider 
R1(AS-65001)--R2(AS-65001)--- R3(AS-65002)--R4(AS65002) ==== R5 (AS 701)
R1, R2, R3, R4 belong to the same confederation (AS 100)
R2-R3 have an ebgp-confed peering session

R5 advertises the FS route and the unicast route
R4 does the AS_PATH check (i.e. making sure the AS_PATH of the unicast route and the FS route received from R5 are both AS_PATH ='701 XXX')
R3 does not do the AS_PATH check (from the route received from R4)
Why R2 should do the AS_PATH check from a router received from R3? (i.e. making sure the AS_PATH of the unicast route and the FS route are both AS_PATH = '(XXX) 701 XXX')




In short, yes.  rfc6793 formally Updated rfc4271, so any interpretation of the AS_PATH has to consider what rfc6793 says.
[JUAN]: I'll be happy to remove it. It adds too much detail. But it seems to me that all new rfcs are assuming rfc6793 is already implemented. Trying to implement rfc8955 without rfc6793 would be undefined.



As you mention, rfc8955 considers eBGP.  The fact that it doesn't say anything about iBGP shouldn't be interpreted as trusting those peers.
Even if that was the intent in rfc8955, this document deals directly with iBGP so it makes it the best place to call the risk out.

[JUAN]: I think that's a bit open for interpretation. Quoting rfc8955:

<snip>
The Flow Specification received from an internal BGP
   peer within the same autonomous system [RFC4271] is assumed to have
   been validated prior to transmission within the internal BGP (iBGP)
   mesh of an autonomous system.
</snip>

You can read that iBGP validation is not needed because eBGP validation was successful, what implies iBGP is trusted.
Rfc8955 should have mentioned if that assumption was not true 100% of the time. There are different 'levels' of what it means to be 'trusted'.

Regardless, it doesn't hurt to mention it here. 


-J