IETF Logo Mail Archive

Re: Questions regarding the security mechanisms//RE: CRH and RH0

Robert Raszuk <robert@raszuk.net> Fri, 22 May 2020 17:27 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B956F3A0C4E for <ipv6@ietfa.amsl.com>; Fri, 22 May 2020 10:27:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wjmh9tGH1FN7 for <ipv6@ietfa.amsl.com>; Fri, 22 May 2020 10:27:57 -0700 (PDT)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB61B3A0B8F for <6man@ietf.org>; Fri, 22 May 2020 10:27:56 -0700 (PDT)
Received: by mail-ej1-x62e.google.com with SMTP id n24so13901787ejd.0 for <6man@ietf.org>; Fri, 22 May 2020 10:27:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Qo9cGto4rro2tDfBtMC5zYsGuGUECBOBrueM+MpXnXw=; b=Gqgvnwai8WeyHhINPAD5EHO9z8Txl6HgEZShFAI9a6mArqNxTbgY132oySiZ3hT1nc gpA56zgsg/iGUkLO90+DH5Bd+bK/dqkfeifZYuYvJdYWSwkeDui3Xfm8KKrbx8aVbbM2 3dufHq9V7GCI4g+2lsFVs5/UVGJXI+aIQNjaYOqBXkcLRwT3ndPLOPfVI10FgPnVnYZ9 geGQa2gGt5dOP6fQA4/6/x4a98P5xip++xjEiNsigK1aivTaqB34/GOLpNx+dXofm0YL GwBBQISyY1qq4sZR+B0fyyn+borFojYl0dymZRnOsmABpw+TrZy7CTNG6jS9gTUQle+z T80A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Qo9cGto4rro2tDfBtMC5zYsGuGUECBOBrueM+MpXnXw=; b=TuLRglnEkME6r9QNNv1UhuTeuLBMkKOJvTqpyubkAdYMqId5aSc/CWmNXDCeOQmBk7 7iQfMDFYZdRcsvBp8/tsF1HmUXjk9EHErJIbgmHtI1qKO1A0iMXfwX+45qesOGGF+25R TS1h4lwz91QGmeS57UDyB1RYjRZJdRECWU9qU+VSLg0huZj8eYy+gG2AIrEWt5+bQiVP /GTsPt0pWZKb52AsSv2eVXZtrlDvp9wML3Cxmi8mVxEgw6TAZ+JcYKi/y3E1SINNSb0m B1idxetWGy2WzRyteZOQKVKPzwGfHAMJUc1gxwTRHS2hnc5G44r+M8g5Lk546gFBJjnf N8Fw==
X-Gm-Message-State: AOAM5336f5RuaW852/emqfcIn3b/6EeY0jrhJ6K6wqDyqmmVPh7wqjMn myeIm/ODUaQigk/KvJoDnQDpZssPQdbKXAc9RU3nFw==
X-Google-Smtp-Source: ABdhPJw7vaELUjkC0jmNF4zI5lVpOXiqfatRvdy324HRChbF97Wv7kfbeR52p2QjkeABgPllf4+kpTE27R+zrYOHo1I=
X-Received: by 2002:a17:906:d86:: with SMTP id m6mr9409001eji.470.1590168475307; Fri, 22 May 2020 10:27:55 -0700 (PDT)
MIME-Version: 1.0
References: <23488ea0d4eb474c9d7155086f940dae@huawei.com> <006c01d62aa1$8c195520$a44bff60$@com> <DM6PR05MB634863122645FD4981B97F71AEBD0@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35thGuTgTmCFozU=3MULW8V95OwA5GdqQ7OGrA-agR7Hw@mail.gmail.com> <891ccad03b484c7386ab527d89143f8c@huawei.com> <87E86EE4-7D6C-49A3-A965-317C3F95A346@juniper.net> <ab0b9d67d294464fb886b9cb5e7639a5@huawei.com> <592214BF-5340-40A6-86C8-430C87AC0171@juniper.net> <CAOj+MMFvrCgt0BVEga4CRE6EK6CPwzUzsYCtAKGEXZ5pLrZXtg@mail.gmail.com> <5D82212D-463A-4CB4-8B2D-C4D26E92F245@juniper.net>
In-Reply-To: <5D82212D-463A-4CB4-8B2D-C4D26E92F245@juniper.net>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 22 May 2020 19:27:45 +0200
Message-ID: <CAOj+MMEA_Su048iPAnrNz+cHt-cVuEdpSV49dFSjno1wYeJO6A@mail.gmail.com>
Subject: Re: Questions regarding the security mechanisms//RE: CRH and RH0
To: John Scudder <jgs@juniper.net>
Cc: "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>, Ron Bonica <rbonica@juniper.net>, 6man <6man@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000001aae5805a63ff31a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Evnox_N9ox3tHGWVit-smozuamA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2020 17:27:59 -0000

Does this mean that I can not fork such "conversation" and ask about
connectivity restoration with CRH ?

R.


On Fri, May 22, 2020 at 7:12 PM John Scudder <jgs@juniper.net> wrote:

> Hi Robert,
>
> Your comments have no relevance to the conversation I’m having with
> Jingrong. You’ve completely misunderstood, we are talking about security.
>
> —John
>
> On May 22, 2020, at 12:11 PM, Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi John,
>
> I am afraid any new technology IETF adopts to work on should support a
> basic minimum of network functionality.
>
> And while I know some people still depend on IGP or BGP convergence in
> their networks - new designs are more and more based on local
> protection (node or link).
>
> Therefore it should be in the interest of the authors of the new proposal
> to describe how local protection works with their idea. Not the other way
> around.
>
> Unless you are questioning the need for local protection all together and
> thinking that seconds or minutes of outage is all ok. (Which I do sincerely
> hope you do not).
>
> Many thx,
> R.
>
>
> On Fri, May 22, 2020 at 6:01 PM John Scudder <jgs=
> 40juniper.net@dmarc.ietf.org> wrote:
>
>> I’m not sure if it’s worth pursuing this much farther considering it’s
>> not directly applicable to CRH as such. However:
>>
>> On May 22, 2020, at 11:51 AM, Xiejingrong (Jingrong) <
>> xiejingrong@huawei.com> wrote:
>> >
>> > [XJR] The "complemented per-node protection " is very useful for a
>> layered security mode.
>>
>> I might be convinced if you have reasons for this that address the
>> analysis I provided in my own message. However, a bald statement that it’s
>> “very useful” without further support doesn’t seem too helpful.
>>
>> Regards,
>>
>> —John
>
>
>

v2.23.0 | Report a Bug | By Email