Re: Genart last call review of draft-ietf-grow-large-communities-usage-06

Stewart Bryant <> Wed, 19 April 2017 08:46 UTC

To: Job Snijders <>

On 19/04/2017 00:58, Job Snijders wrote:
>> ============
>> 5.  Security Considerations
>>     Operators should note the recommendations in Section 11 of BGP
>>     Operations and Security [RFC7454].
>> SB> You do not address the question of whether there are new
>> SB> considerations, or considerations that are of increased importance?
> It is my understanding that RFC 8092 "BGP Large Communities" are just
> like RFC 1997 "BGP Communities", but ...  larger (for lack of better
> words). Referencing RFC 7454 seems plenteous.
> So, what if there are not any additional considerations? If there were,
> they would've been (or are) covered in RFC 8092's security section,
> right?
> This is an Internet-Draft targeted for Informational status, I'm not
> sure what you expect here.
I was wondering if there was more scope to make mischief at a distance
in a less obvious way than before.

If everyone is happy that there is no additional risk then I am fine,
but it seems to me the more knobs you give the mischief maker to turn
the more security you have.

>> SB> Is there text somewhere that discusses the integrity and
>> SB> synchronization of the parameters and any consequences that arise?
> the what now? Can you elaborate on the above?
So you rely on the nodes that receive these community strings to
interpret them in a common way. Maybe this is an already solved problem,
or a known risk, but what if the dictionaries get out of sync?

>> ===========
>> Minor issues:
>> 2.2.  Action Communities
>>     Action Communities are added as a label to request that a route be
>>     treated in a particular way within an AS.  The operator of the AS
>>     defines a routing policy that adjusts path attributes based on the
>>     community.  For example, the route's propagation characteristics,
>>     the LOCAL_PREF (local preference), the next-hop, or the number of
>>     AS_PATH prepends to be added when it is received or propagated can
>>     be changed.
>> SB> Although these are well known to the target audience, I think you
>> SB> need some references in the above para.
> What reference would you suggest? You feel the section 2.2 text cannot
> stand on its own?
As I said, I imagine that all readers will know the definition of
AS_PATH, but normally we give a reference in a document like this.

- Stewart