IETF Logo Mail Archive

Re: [Last-Call] secdir review of draft-ietf-6man-spring-srv6-oam

"Zafar Ali (zali)" <zali@cisco.com> Fri, 09 April 2021 06:31 UTC

Return-Path: <zali@cisco.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1B463A10E2; Thu, 8 Apr 2021 23:31:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.917
X-Spam-Level:
X-Spam-Status: No, score=-11.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=G+FP1yh+; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=N7lKxZQj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aeCJRrcOEPsc; Thu, 8 Apr 2021 23:31:41 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95DA63A10AA; Thu, 8 Apr 2021 23:31:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14769; q=dns/txt; s=iport; t=1617949900; x=1619159500; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=6gwjPh4FrHvwDI01T4RTN33I8yBlgj/snC44Xel4TwU=; b=G+FP1yh+pXVgSVfkoE/AetQUNbWshksBicM6ZkQoPXDMsaf3KC7JSxkj SrtqvtbugD+zxa2G+Cb6hlzMeTCl9q72pilvmr2kWRKXW5k5+G3cKb9iD 1AsHAIlhrMwCftNzh6PTjh3kshk1DWqJQ3U23/+kj3p+4Dz+kOxofpk1g Y=;
X-IPAS-Result: A0DzAQBB9G9gmIENJK1aHAEBAQEBAQcBARIBAQQEAQGCEoEjMFF+WjYxCoQ4g0gDhTmILSUDii6KF4R2glMDVAsBAQENAQEqCAIEAQGEUAIXgWACJTgTAgMBAQEDAgMBAQEBAQUBAQECAQYEFAEBAQEBAQEBaIVQDYZEAQEBAQMjHQEBNwEPAgEIDgMDAQIrAgICHxEdCAIEAQ0FGYJYAYF+VwMvAQIMPp81Aoofd4EygQGCBAEBBoE3Ag5BgxkNC4ITAwaBOYJ2gnESPkYBAYZOJxyBSUKBEycMEIJfPoIeQgEBAgGBfQ2CajWCK4FYCWM4MgEDOBkCIoEqFy8BGBGREwSDKodpjHiRBlsKgwuBIYcygRCNYYU4BB+DTYp4liyVFYtqgxaPQBOEVgIEAgQFAg4BAQaBI0ghgVtwFTsqAYI+UBcCDo4fGYNXhRSFRXMCNgIGAQkBAQMJfIsGAYEOAQE
IronPort-PHdr: A9a23:62f+uBShMbYTLQDjX3l1j7QkEdpso0nLVj590bIulq5Of6K//p/rI E3Y47B3gUTUWZnAg9pAjPfQvK2mXnYPst6Ns3EHJZpLURJNycAbhBcpD8PND0rnZOXrYCo3E IUnNhdl8ni3PFITFJP4YFvf8Xm18DgdF1P4LwUmbujwE5TZ2sKw0e368pbPYgJO0Ty6Z746L Bi/oQjL8McMho43IacqwRyPqXxNKIxr
IronPort-HdrOrdr: A9a23:i6LFCK3Aysb+Sp3jm6ppQQqjBfB2eYIsi2QD101hICF9Wvez0+ izgfUW0gL1gj4NWHcm3euNIrWEXGm0z/9IyKErF/OHUBP9sGWlaLtj44zr3iH6F0TFmNJ1/Z xLN5JzANiYNzdHpO7x6gWgDpIEyN6I7KiniY7lvghQZCtBApsQiDtRIACdD0FwWU1iDZ02CJ KT6qN81kSdUF4Qadm2AWRAYvjbq7Tw5dPbSDMlJzpi0gmBiju09KX3eiL54j4yWy5CqI1Sil TtvBf+4syYwpSG4z/ak1Te9pFH3Obmo+EzePCkrugwBnHShh2zZIJnMofy/AwdhO208l4lnJ 3tjn4bTr5OwkjcdG20vhfhsjOIuF1FhhOSqi77vVLZrcP0Xz48AcZa7LgpDyfx0VYqv913zc twrgSknqdXFh/JkWDc4NXFRnhR5zKJiEciiuIagjhjV5IfYtZq3PUi1X5Sea1weB7S2cQCKq 1DHcvc7PFZfRexdHbCpFRix9SqQzAaAgqGalJqgL3X7xFm2FRCi2cIzs0WmXkNsLgnTYNf2u jCOqN00JlTU84ta75nDutpe7r0NkX9BTb3dE6CK1XuE68Kf1jXrYTs3bkz7Oa2PLsF0YU1g5 aEdF9Dr2Y9dwbPBKS1rdh22yGIZF/4cSXmy8lY6ZQ8kKb7XqDXPSqKT01rnNCnp/kZH83HS/ e+MJ9bGJbYXCzTMLcM+ze7d4hZKHEYXsFQkM08QUiyrsXCLZCvtuGzSoeUGJPdVRIfHk/vCH oKWzb+YO9a6FqwZ3P+iB/NH3fkekn1+4NsALHXltJjkbQlB8lpiEw4mF657saEJXlpqaotZn ZzJ7vhj+e8vmm5/WHB6m1zIRpDBkNJ4LHtOkk64TMiAgfRS/Iuqt+fcWdd0D+sPRlkVf7bFw ZZuhBq466tNoeRwiojEtqjNWqfgxIo1Sq3ZqZZvpfGydbue5s+AJpjZbd4Eh/TEQdp3Sxwrn 1YVQMCTkjDNz/nhKm/lqYIDOXHe9QUunbxHedk7Vbk8WSVv4UGW2YSVT/Ga7/nvS8eAx5vwm BX34BaqryagjqrIXY4m40DQS1xQVXSJqlHAgSDbJhTgZbxdmhLPD23rA3frQ0vcWz38EhXoW rtIUSvCK32K2sYnGxE2aD3914xTEGhRgZbb3B3tpAVLxWahl96zfKLaq2v02GYd1sFxaUHPC vYZCYJSzketeyfyASYg3KLG3kg2/wVT5/gJaVmfLfJ1ny3LoqU0akAAv9P5Z5gcMvjq+kRTI ukCkCoBSK9D+MiwAqOoHk5fCFytXk/iPvtsSeVoVSQzTo6AfDIJk5hSKxeK9aA73L8T/LN1J lil9o6sa+xNWr2A+T2hZ3/fnpGKhnJp3SxQPxtoZdIvbgqvL82BoLFS1LzpTl69QR7KN2xmF IVQax97ryEMohzf9YKcyYc+lYyjtyAIEYirwSeOJ5xQXg9y3vAe9+Z6bvBrrQiRleMowb9Il GT+SxQ9fWtZVrI6ZcKT6YrZWhGYkk173pvuP6Yf4rLEQOwaqVN+kG5PnLVSs4VdIGVXbEL6h B07NGDk7XJK2722AXMsSB6JawL+WC9Ws+2CB+NH+kN89HSAyX6voK6pMqoyDHwQn+nbk5dg4 tPf0kZdN5ChTkvl5df6Fn4doXn5kY+10JD6jRmnEP30oeo4G3HDVhLWDep9ql+TH1WKDyUls zL/uiTyWTl7DVE0ZfFEl1MftsmIalncqHnayF0KcYRu7a0/60gxiRbCS1eelIBtA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.82,208,1613433600"; d="scan'208,217";a="698776516"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Apr 2021 06:31:39 +0000
Received: from mail.cisco.com (xbe-aln-003.cisco.com [173.36.7.18]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 1396VdWp026834 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 9 Apr 2021 06:31:39 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xbe-aln-003.cisco.com (173.36.7.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 9 Apr 2021 01:31:39 -0500
Received: from xfe-aln-001.cisco.com (173.37.135.121) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 9 Apr 2021 01:31:39 -0500
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-001.cisco.com (173.37.135.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3 via Frontend Transport; Fri, 9 Apr 2021 01:31:39 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L3IJk9ULKG4Ke5Yn3on6iRj58LjmUCtY0IEbaVS0l+GEZ5w5U7G05/fC6pbXe/JmIi+akttnKbQf+rf6jBnPVZy4ijU+lXuLJQbwdFfLAAmInr75uvX5jc/hQdBEkpLCxYQGjXSxz3y9Kt9r18wvdSQRklnrWnUSj5ADjJbD83ma5Ab08tXc6I7r865xlC3sCapF8psl64tZBWbEhyrZOiwZdN5oZDu5W9YNDzOvnpRNcMea5JncQwJIBC6XZ4b4aSoIeZZ/DzHUYV9xcbnERdRGQiEurLSkCmKMboEhgRQfHU1zQcGmLVtelxVOhlWaw/+fDt0WfGJT1uRRe/xdSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6gwjPh4FrHvwDI01T4RTN33I8yBlgj/snC44Xel4TwU=; b=CDk7JusV7VtFnIdAtSFQzxI35Z/+JfcoK6PbIRxG3oOEcFPMxdVI9dA8brwAWvoCeXLAryj45ChOfpH8uHpdz1y5w0r11F1o4HPTBE0yEjYZXz8XYYdt/E5En8rX/QG9zLmQvzRYTO2mVBgw1fgrXojvaaV2gxX1Az59CJkeCkEUc+Ykncum9OPvcVRrz52N5dOvgTsR5foNyiX5DKmoNr0/y2j+viaax3l35o9tQtBd1rSX+VGOeSk2mY47k7tzKnvDVZBGN45B/G5LHogScrqFSJ8ZSWUvwvJI4iz+dN3LFrd3JSUBePMXgLiFNS9zpWkPjOJMcd59sCAit5C/jg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6gwjPh4FrHvwDI01T4RTN33I8yBlgj/snC44Xel4TwU=; b=N7lKxZQjX+Q5IouZGWGNutQ2TBVbzRHwOe23hAHBaXB1zxlZQkuhk1KiaXtOeCDki0EILUyhszIrlWSrwtSW3mXPhAPeXXMs3G++/ZIYDg502NEKj9jm+/VpZ8OgvZ+CB8OBzMeik7hqst8pozPEfqGMJQotoBDO6ZpCRzeP+YE=
Received: from DM6PR11MB4692.namprd11.prod.outlook.com (2603:10b6:5:2aa::11) by DM6PR11MB3146.namprd11.prod.outlook.com (2603:10b6:5:67::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.29; Fri, 9 Apr 2021 06:31:38 +0000
Received: from DM6PR11MB4692.namprd11.prod.outlook.com ([fe80::9156:1513:54bf:2fe3]) by DM6PR11MB4692.namprd11.prod.outlook.com ([fe80::9156:1513:54bf:2fe3%9]) with mapi id 15.20.4020.016; Fri, 9 Apr 2021 06:31:37 +0000
From: "Zafar Ali (zali)" <zali@cisco.com>
To: Dan Harkins <dharkins@lounge.org>, "last-call@ietf.org" <last-call@ietf.org>
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-6man-spring-srv6-oam.all@ietf.org" <draft-ietf-6man-spring-srv6-oam.all@ietf.org>, "Zafar Ali (zali)" <zali@cisco.com>
Thread-Topic: secdir review of draft-ietf-6man-spring-srv6-oam
Thread-Index: AQHXLMGd3yDuQxq5ZkmT+lZUpXaX5qqrd2qA
Date: Fri, 09 Apr 2021 06:31:37 +0000
Message-ID: <3ECFC23D-9375-4CFA-8117-9EABE64CBC65@cisco.com>
References: <e99f57d9-af94-3e49-c982-4a8956a01392@lounge.org>
In-Reply-To: <e99f57d9-af94-3e49-c982-4a8956a01392@lounge.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.47.21031401
authentication-results: lounge.org; dkim=none (message not signed) header.d=none;lounge.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [47.185.233.68]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 92c701e1-5a54-46a5-9c7d-08d8fb212108
x-ms-traffictypediagnostic: DM6PR11MB3146:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB31466B70A449EFEE30186892DE739@DM6PR11MB3146.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: C44JRvfWYl9mySx76e15AVqwAUUIhrvJ51DcJsVSERvYQrKrJqmGzqzPY7XcO/Pua1WLNMx4i/TVuJgP2s/i4cFWZfmPTAdLjRj2r9wwT4X0Ax2urkG+iBZ9gcSlLhd9qWXVDTFVDFutTV6oE1zusf7t6G4DbAhOIgjTMIBmX+L3iOr2q1XbQw3RU//Ojas/SvNm3I7qX+UU+7qsyYHmR2+xEtvNwu9iKzWBlkrZx/mvqTO2t+Ie7KfXfG4XypmJOSsvWFqqFOxkYl/Gf+ogK4LWm4IO3574PUL9qZHA5ekldvwWJorj5dax96aNSHN5T0uadfnAR97fkMuZDGTxSnFdEZdFSuYJVQvtQ3gYtXejP79eV49nkb9gdww7qH+d014Xh+UiA3wtxg5Q1pksDwb41yhXEM+9L/D7W7DKUW0gFmJcPqcdLZuCNEhWWUXifjrJjLTXRbdPr0D/d+PO/XxMHnWardHew2gAYLqt8M8VgBh5LAe4SUeYxIgySZSnpLFMxQDYDYMSCGS8xMZrTIo8OyTM7/WYzAbcJCdAtyseMbqEs1+Vh/GJvaGOnVhpaOnh6TqAMsIwBKvlFxONsTOcDlvfcoIun8IUdwFj5CwEx2g8aDOkZK8NuGX+jCWSLsCWeFWWA9DW6Xt4bo9kTjcWZj6tg3klVrZ4LUDsZ8jZnUkHniPnf5L7BRG5+285DYBMftqcXUXujI9rJiqF8iPjYwHpDlkfPoosURzGS7pLN+IMjnsg0TWfh3ofFHmIkzIx7nczQmsuToY5C2PM6A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4692.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(346002)(366004)(136003)(376002)(39860400002)(8676002)(966005)(33656002)(478600001)(71200400001)(86362001)(76116006)(2906002)(66574015)(6486002)(83380400001)(110136005)(107886003)(316002)(66446008)(66556008)(66476007)(5660300002)(54906003)(64756008)(2616005)(66946007)(53546011)(36756003)(166002)(8936002)(6506007)(4326008)(26005)(9326002)(91956017)(186003)(38100700001)(6512007)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: mxYetW/OYUSVdFzUAUz6MZgZsYwzSLXUUK1oIRS911NgCOJxI4+fdd+iMEDIXxwjh6JyneO3ItbjPvSl3WVRgbuA6AssoinjvTToASURW5D0oTzyMUKtjymGMOUSza+N3KsSrwAwY0BJWDtyXlxpR609TlHBk3YNGC76w5pVVeutMJbPKlKeoaLyhsJUy3pUG+EZ+dR1Ql14g58uVUldUKVwcmXb9Wi1CerxjDD4VgxfmO+uD0T9UdZA7aZfH5Ho8NCiaas1ERaJ3CyyGpOda0zonOPE3attqJNHTOMTqjRxWjcbDsSgAGNuYC8tjrw5mhAD2Mxtqh2tFZFhfLWCRJ90LqPFb9CWoXPBeoaGPflo2DaKPAYwkOHegohPp0Nekk+utUaQHOf4nunpYjNN74H53vuNH3DeTk40e+2cS3T1ILsjXRdUSNcaHl/Mz5iUw7x8sLzzXWgODgy9zbLIt4+ZqEUxJRx/YeRZthjrGo+m/u1gBUdlHAoOAiKKQFoVnjjvU9/bOrhbyR+7TBeLDwHuiAzfprtu7vvSW+ONXsTd0p1TgNsDyGMnahTyO79/gNgONuXKIiO5i83nyxXFnuuMOpBaQ9fPDsSpZ+rVQrOJHdP/B8gTi82Z0QGeODbycb8R3P4zE27ZjBK9C/z2i6Ilx0jF/oMlwbjBYBzN5BNqb7B/SBFskT+V1F5ZLS3ruNAiD4e5XUZxHJbW/Q7no1IYBsUjsNdk9NDmrdBsSOBmsmIstxiUino63T5JlDsPsydapLfKjoyb46Zhe7x1LB6JBCfMKNpzb1HhMx0PN75szHys/HRjWyS5WbrHLvTVAz+nG3ImvNhtFq3CEfb2FWEOJEdKrLO9ib5zYkdLTchHMipw30WnkbaaJPnRcSUYgyTRkT3kuAzNLtNYaUzkqcm99JJlvuv7uX8zMOfahSff0RPcoAi4BQnNkLMx2w1VMm6IBqUYTCk+nYKVZfZfQJPl6WO7AKjygnM88O5wDwephQBnI1HMYi74jFmWwwaD+IPytbXV6xa3GSr+Y2eKAfM8tta7nf3mca33gIN6jASU9cFBAdaszyY6zvigdKdWxd7+VVw6uUs3Usmtpsr9IDw7r/IlIMrl/k4zyBTojzKsfYHZsQY7x+7owsMRjFsIO/uKWR5TXR2MXEZAmCrjr5WnkIUXf6VfYXTxzEtpmJvdaQiunH4qyAlnE7cYfBE7E6upWTRV9DRyMBWdzIsvM94tEwcvt0yTNxi1ltl1UQwvFRgxz1EWI0dDN0evy9CBXJjG3263x0pdNfaK0CyUTpk6vD7IcpNRufhAC1CBAvuAYlgv8ALTRAwGTUGIy1yJBM2CVnWNqHi1pAQnsgbe4g==
Content-Type: multipart/alternative; boundary="_000_3ECFC23D93754CFA81179EABE64CBC65ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4692.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 92c701e1-5a54-46a5-9c7d-08d8fb212108
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Apr 2021 06:31:37.8953 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: OIX8E+tXHTWXx5goS9GZQROzLKt7Be0QJdvl25TgGn03DPXlAeB+0JKyU/1w5yq3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3146
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.18, xbe-aln-003.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/RA4iwdKuDsgzFTwiTkRNM2evBAU>
Subject: Re: [Last-Call] secdir review of draft-ietf-6man-spring-srv6-oam
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Apr 2021 06:31:50 -0000

Hi Dan,

Many thanks for your comments. Greatly appreciated!

As part of additional comments on received during the LC, we were is the process of updating the draft, including the security section.

We just posted rev 10, https://datatracker.ietf.org/doc/html/draft-ietf-6man-spring-srv6-oam-10
The security section has been updated.

Can you please review the updated security section and advise of your comments?

Thanks

Regards … Zafar

From: Dan Harkins <dharkins@lounge.org>
Date: Thursday, April 8, 2021 at 5:53 PM
To: "last-call@ietf.org" <last-call@ietf.org>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-6man-spring-srv6-oam.all@ietf.org" <draft-ietf-6man-spring-srv6-oam.all@ietf.org>
Subject: secdir review of draft-ietf-6man-spring-srv6-oam
Resent-From: <alias-bounces@ietf.org>
Resent-To: <zali@cisco.com>, <cfilsfil@cisco.com>, <satoru.matsushima@g.softbank.co.jp>, <daniel.voyer@bell.ca>, <mach.chen@huawei.com>, <otroan@employees.org>, <bob.hinden@gmail.com>, <ek.ietf@gmail.com>, <evyncke@cisco.com>, "ot@cisco.com" <ot@cisco.com>, "ot@cisco.com" <ot@cisco.com>
Resent-Date: Thursday, April 8, 2021 at 5:53 PM


  Hello,

  First of all, my apologies for the tardiness of this review....

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is (almost) Ready With Issues.

  This draft defines a flag in the Segment Routing Header that when
set will result a copy of the packet being made and forwarded for
"telemetry data collection and export." That has tremendous security
and privacy implications that are not mentioned at all in the Security
Considerations. The Security Considerations just say that there's
nothing here beyond those described in <list of other RFCs>. I don't
think that's the case.

  Maybe I'm completely missing something but this sounds to me like
it enables what we used to call "service spy mode" on a router-- take
a flow and fork a copy off to someone else. I think there needs to be
a lot more discussion of the implications of this.

  Again, sorry for the tardiness of this review.

  regards,

  Dan.

--
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius

v2.23.0 | Report a Bug | By Email