Re: [Last-Call] Secdir telechat review of draft-ietf-idr-bgp-flowspec-oid-14

"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Tue, 18 May 2021 18:31 UTC

From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
To: Magnus Nystrom <magnusn@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-idr-bgp-flowspec-oid.all@ietf.org" <draft-ietf-idr-bgp-flowspec-oid.all@ietf.org>, "idr@ietf.org" <idr@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Tue, 18 May 2021 18:31:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/HYugsneAeFIW74E1og8-NhfcU9A>

Thanks Magnus,

Based on several pieces of feedback, I plan to modify that paragraph as:

"
   If configuration (or other means beyond the scope of this document)
indicates that the peer is not a route server, that optional rule
SHOULD be enforced. If the indication is that the peer is not a route
server or there is no conclusive indication, that optional rule SHOULD
NOT be enforced.
"

Hope it's good

-J

-----Original Message-----
From: Magnus Nystrom via Datatracker <noreply@ietf.org> 
Sent: Tuesday, May 18, 2021 5:10 AM
To: secdir@ietf.org
Cc: draft-ietf-idr-bgp-flowspec-oid.all@ietf.org; idr@ietf.org; last-call@ietf.org
Subject: Secdir telechat review of draft-ietf-idr-bgp-flowspec-oid-14

Reviewer: Magnus Nystrom
Review result: Has Nits

I was asked to re-review -14 after my review of -13. I'd like to thank the authors for making updates based on my review of -13. The only additional suggestion I have is to add a clarifying statement after the sentence "If the condition of the peer is unknown, the rule SHOULD not be enforced" along the lines of "As mentioned above, this does represent a security risk."