Re: Genart last call review of draft-ietf-grow-large-communities-usage-06

Stewart Bryant <stewart.bryant@gmail.com> Wed, 19 April 2017 08:46 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C16213157F; Wed, 19 Apr 2017 01:46:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfQ1uRl2DjPz; Wed, 19 Apr 2017 01:46:57 -0700 (PDT)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF713131576; Wed, 19 Apr 2017 01:46:56 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id o81so74223789wmb.1; Wed, 19 Apr 2017 01:46:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=Ougxf9uJ25t+oNOaLThwQnfKjE44NoNBJsTUmD9K0i4=; b=bUpgBR07/A2qO3WX3zR+Z1rvZ/ajfcZUeL3Vr5dHQUCS1yc/OmAdcoD+Yi/ljXLOe9 iYSz1f8wxAuujq/pXBM8eZLenaCPzi08RWXHYRohd09oHqOPVgwXcUZrq/Eg7PTeCRC5 Ibr5ZFwvvZbp/k9+eM9CR220zBmhNhwDp0XDzlTIkzZk2d8s/hur4Rt+d/vxx0rJfcyw KYPs+LVyrLaopLXiNFjDNO6xlOtPWe0/MytWFFvr+YP6UySLrdfD8K0tw28Sm0C/Hotb QEUDAmhU7HTnHQ0kVaJ87XfTWJ+o5Ed74nFOIzmzxQdCHtCP6lggpmK9/77oy28iVj/1 iSjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=Ougxf9uJ25t+oNOaLThwQnfKjE44NoNBJsTUmD9K0i4=; b=cOh4MxD/NFa1mrwuzc87qNjP7xvcpMz9u6OUkT74aji1SveD9sxA8NhMG6TRel6mGW wh0CH/X1rD5frnIvLjN8lA1UJfjKc5IiSPD8e6dAR+kd9Bp78k1WhK46cyLnqXCKhWQl wsn/h7ylIiopOquneAhtMOTrAmk4IBdNUKb7ycE3BlJZCD73iNiwXacHLSGJIRFbl1iY 3jI90OpninU4LQIxqjJXf4mzDgkerHFhUef/RsKo03aR+WMONuzmbMkWqTzHyr9Wod60 uXs6DxwjIcbnBUr+mgkbMQiFf7ynD9XNwLpgb2X0zB5oOnnn2ysd7oYtnBxmUe6DFCkK t/XA==
X-Gm-Message-State: AN3rC/5Z7UYN8Akrscu8iuQuP4x/Q85IRjcvromNAfR7B7JV646TKQZE TjbLG+fjJ6zMQFyIHSs=
X-Received: by 10.28.165.13 with SMTP id o13mr1909942wme.139.1492591615207; Wed, 19 Apr 2017 01:46:55 -0700 (PDT)
Received: from [10.66.4.239] ([131.227.23.37]) by smtp.gmail.com with ESMTPSA id e21sm2859828wma.5.2017.04.19.01.46.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Apr 2017 01:46:54 -0700 (PDT)
Subject: Re: Genart last call review of draft-ietf-grow-large-communities-usage-06
To: Job Snijders <job@instituut.net>
References: <149252287543.16134.18005737444773296286@ietfa.amsl.com> <20170418235858.sgsa64r7b5th7zam@Vurt.local>
Cc: gen-art@ietf.org, grow@ietf.org, draft-ietf-grow-large-communities-usage.all@ietf.org, ietf@ietf.org
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <21c205d9-eac4-9403-8450-6bce56b3bfe6@gmail.com>
Date: Wed, 19 Apr 2017 09:46:53 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170418235858.sgsa64r7b5th7zam@Vurt.local>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/U7XKIdMoUDidkbLo_XdCz0bdIjQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 08:46:58 -0000


On 19/04/2017 00:58, Job Snijders wrote:
>
>> ============
>>
>> 5.  Security Considerations
>>
>>     Operators should note the recommendations in Section 11 of BGP
>>     Operations and Security [RFC7454].
>>
>> SB> You do not address the question of whether there are new
>> SB> considerations, or considerations that are of increased importance?
> It is my understanding that RFC 8092 "BGP Large Communities" are just
> like RFC 1997 "BGP Communities", but ...  larger (for lack of better
> words). Referencing RFC 7454 seems plenteous.
>
> So, what if there are not any additional considerations, If there were,
> they would've been (or are) covered in RFC 8092's security section,
> right?
>
> This is an Internet-Draft targetted for Informational status, I'm not
> sure what you expect here.
I was wondering if there was more scope to make mischief at a distance 
in a less
less obvious way than before.

If everyone is happy that there is no additional risk then I am fine, 
but seems to
me the more knobs you give the mischeif maker to turn the more security 
risks
you have.

>> SB> Is there is text somewhere that discusses the integrity and
>> SB> synchronization of the parameters and any consequences that arise?
> the what now? Can you elaborate on the above?
So you rely on the nodes that receive these community strings to 
interpret them in
a common way. Maybe this is an already solved problem, or an known risk, 
but what
if the dictionaries get out of sync?

>> ===========
>>
>> Minor issues:
>>
>> 2.2.  Action Communities
>>
>>     Action Communities are added as a label to request that a route be
>>     treated in a particular way within an AS.  The operator of the AS
>>     defines a routing policy that adjusts path attributes based on the
>>     community.  For example, the route's propagation characteristics,
>>     the LOCAL_PREF (local preference), the next-hop, or the number of
>>     AS_PATH prepends to be added when it is received or propagated can
>>     be changed.
>>
>> SB> Although these are well known to the target audience, I think you
>> SB> need some references in the above para.
> What reference would you suggest? You feel the section 2.2 text cannot
> stand on its own?
As I said I imagine that all readers will know the definition of 
LOCAL_PREF and
AS_PATH, but normally we give a reference in a documnet like this.

- Stewart