IETF Logo Mail Archive

Re: Questions regarding the security mechanisms//RE: CRH and RH0

Robert Raszuk <robert@raszuk.net> Fri, 22 May 2020 16:11 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 880BB3A0AD7 for <ipv6@ietfa.amsl.com>; Fri, 22 May 2020 09:11:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2V05ApAp9V7r for <ipv6@ietfa.amsl.com>; Fri, 22 May 2020 09:11:28 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A5743A0AEF for <6man@ietf.org>; Fri, 22 May 2020 09:11:28 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id l25so9650055edj.4 for <6man@ietf.org>; Fri, 22 May 2020 09:11:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5cckVZqWplNoQIBQf+CBAb2LWAZqVcSLbOvs5nVbuHA=; b=eSWgxhIS33EWqgam/6mgS91NJ7X8D6m3QqiI2z42e0jxjjHViR6MjZvEXk6BMQJk+F ncVn2VH6IPXCpz6anPXQNvvhkYR8nOKIHow7lSmSS+DUFfSITebcClkMpNlwK3qf4YN+ ZKGq3yv+BBchDfGakz1WGD2exe6Nf9clf/mmF4XnxWjF3Zw3rFKxC1o43Ar014FJh1GN cF65FRI8KNcaqyd4M0gcxVYA1J/1xC1LTa6lj4TH0ytrpBWDSzre2a7TPVLVQ0jKRQpC MFXKDXMP76ycxmKsgsgOsI5YZB+NhZ3Z+uQiLd9q95RxJBIspNNVxJ17OzZ9aEIXtwmY vdjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5cckVZqWplNoQIBQf+CBAb2LWAZqVcSLbOvs5nVbuHA=; b=OdNQEwQDM6YcLyP20N625XjHtXc2jiX5zV1iMlfcB9ybqpm50FXkZh3ijId+WH5ky7 EFdbJBbY1Hh2a4hyIGcv8pTD0A3t2iKORZWzpIA+diAY/j6Nr00OYZSgy1LHFGoWAwct nT53cOXRMrv/V00XW3a6ZpfwaKUFEsj9Sbg0RqU3O6O/aP8dilPgVSIEcAFqirDqqNhE Bb2NSs2uA6FptsWLIRILqvowGagsdhxLUwfv7Wj5h4Rj38X9WdHpCtETCVsxFcFrGV/s UIsi+iYIvJQUlURXk2o1nENq0gbOk6Udplz8GhR5aOmvGNoc0UdbLk4CHPBhOcdx4KST tSfw==
X-Gm-Message-State: AOAM530LQmO6pVT74xS7pUzIvQlpzFbSYud2Vh/SVybfHpP8b9OSgvGH kA030VZRpT+zzhoJjZCy8TTT4dRvB9o6a+wEA6m3kw==
X-Google-Smtp-Source: ABdhPJz1NWClma3ViE6ELmLO+X7hpet6NRjFVpbvktcpvgpi+nT/KTiaMpK4OvhfDPFBRQHBNAfWj/rF9VYy65P9erE=
X-Received: by 2002:a50:f111:: with SMTP id w17mr3699501edl.41.1590163886419; Fri, 22 May 2020 09:11:26 -0700 (PDT)
MIME-Version: 1.0
References: <23488ea0d4eb474c9d7155086f940dae@huawei.com> <006c01d62aa1$8c195520$a44bff60$@com> <DM6PR05MB634863122645FD4981B97F71AEBD0@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35thGuTgTmCFozU=3MULW8V95OwA5GdqQ7OGrA-agR7Hw@mail.gmail.com> <891ccad03b484c7386ab527d89143f8c@huawei.com> <87E86EE4-7D6C-49A3-A965-317C3F95A346@juniper.net> <ab0b9d67d294464fb886b9cb5e7639a5@huawei.com> <592214BF-5340-40A6-86C8-430C87AC0171@juniper.net>
In-Reply-To: <592214BF-5340-40A6-86C8-430C87AC0171@juniper.net>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 22 May 2020 18:11:12 +0200
Message-ID: <CAOj+MMFvrCgt0BVEga4CRE6EK6CPwzUzsYCtAKGEXZ5pLrZXtg@mail.gmail.com>
Subject: Re: Questions regarding the security mechanisms//RE: CRH and RH0
To: John Scudder <jgs=40juniper.net@dmarc.ietf.org>
Cc: "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man <6man@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000095c75d05a63ee15e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Gc_ea2bIjZbIPc9yYw3Ql072bNM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2020 16:11:32 -0000

Hi John,

I am afraid any new technology IETF adopts to work on should support a
basic minimum of network functionality.

And while I know some people still depend on IGP or BGP convergence in
their networks - new designs are more and more based on local
protection (node or link).

Therefore it should be in the interest of the authors of the new proposal
to describe how local protection works with their idea. Not the other way
around.

Unless you are questioning the need for local protection all together and
thinking that seconds or minutes of outage is all ok. (Which I do sincerely
hope you do not).

Many thx,
R.


On Fri, May 22, 2020 at 6:01 PM John Scudder <jgs=
40juniper.net@dmarc.ietf.org> wrote:

> I’m not sure if it’s worth pursuing this much farther considering it’s not
> directly applicable to CRH as such. However:
>
> On May 22, 2020, at 11:51 AM, Xiejingrong (Jingrong) <
> xiejingrong@huawei.com> wrote:
> >
> > [XJR] The "complemented per-node protection " is very useful for a
> layered security mode.
>
> I might be convinced if you have reasons for this that address the
> analysis I provided in my own message. However, a bald statement that it’s
> “very useful” without further support doesn’t seem too helpful.
>
> Regards,
>
> —John
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email