[ippm] Roman Danyliw's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS and COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 26 October 2022 02:21 UTC

From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ippm-ioam-conf-state@ietf.org, ippm-chairs@ietf.org, ippm@ietf.org, marcus.ihlar@ericsson.com, marcus.ihlar@ericsson.com
Reply-To: Roman Danyliw <rdd@cert.org>
Date: Tue, 25 Oct 2022 19:21:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/MMcT7U-oQzdnhuMee97rV0YSgpM>

Roman Danyliw has entered the following ballot position for
draft-ietf-ippm-ioam-conf-state-07: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-conf-state/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Section 6.

   A deployment can increase security by using border filtering of
   incoming and outgoing echo requests/replies.

Thanks for calling out the security impact of echo request/replies.  Since the
cited RFC9197 reminds the reader that a “network operator is expected to
enforce policies that prevent IOAM traffic from leaking outside of the
IOAM-Domain”, why is this guidance not mandatory?

Would the following text be more appropriate?

NEW
A deployment MUST ensure that border filtering drops inbound echo requests with
an IOAM Capabilities Container Header from outside of the domain, and drops
outbound echo request/replies with IOAM Capabilities Headers leaving the domain.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Chris Lonvick for the SECDIR review.

Section 3.1.  Typo. s/begining/beginning/

Section 6.  Typo. s/securiy/security/