Re: [ippm] Roman Danyliw's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS and COMMENT)

xiao.min2@zte.com.cn Wed, 26 October 2022 07:36 UTC

Date: Wed, 26 Oct 2022 15:35:57 +0800
From: xiao.min2@zte.com.cn
To: rdd@cert.org
Cc: iesg@ietf.org, draft-ietf-ippm-ioam-conf-state@ietf.org, ippm-chairs@ietf.org, ippm@ietf.org, marcus.ihlar@ericsson.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/88fDUArPNQxJ-S-kc8TrK63-xLU>

Hi Roman,

Thank you for the review and thoughtful comments.

Please check inline the proposed changes that will be incorporated into the next revision.

Best Regards,
Xiao Min

Original

From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>;
Cc: draft-ietf-ippm-ioam-conf-state@ietf.org <draft-ietf-ippm-ioam-conf-state@ietf.org>;ippm-chairs@ietf.org <ippm-chairs@ietf.org>;ippm@ietf.org <ippm@ietf.org>;marcus.ihlar@ericsson.com <marcus.ihlar@ericsson.com>;marcus.ihlar@ericsson.com <marcus.ihlar@ericsson.com>;
Date: 26 October 2022 10:21
Subject: Roman Danyliw's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS and COMMENT)


Roman Danyliw has entered the following ballot position for
draft-ietf-ippm-ioam-conf-state-07: Discuss
 
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
 
 
Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/  
for more information about how to handle DISCUSS and COMMENT positions.
 
 
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-conf-state/
 
 
 
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
 
Section 6.
 
   A deployment can increase security by using border filtering of
   incoming and outgoing echo requests/replies.
 
Thanks for calling out the security impact of echo request/replies.  Since the
cited RFC9197 reminds the reader that a “network operator is expected to
enforce policies that prevent IOAM traffic from leaking outside of the
IOAM-Domain”, why is this guidance not mandatory?
 
Would the following text be more appropriate?
 
NEW
A deployment MUST ensure that border filtering drops inbound echo requests with
a IOAM Capabilities Container Header from outside of the domain, and drops
outbound echo request/replies with IOAM Capabilities Headers leaving the domain.
 [XM]>>> Yes, I think the text proposed by you is more appropriate. Typo s/a IOAM Capabilities/an IOAM Capabilities.
 
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
 
Thank you to Chris Lonvick for the SECDIR review.
 
Section 3.1.  Typo. s/begining/beginning/
 
Section 6.  Typo. s/securiy/security/
 [XM]>>> OK, will fix. Thank you for catching them.