IETF Logo Mail Archive

Re: [lisp] Roman Danyliw's Discuss on draft-ietf-lisp-pubsub-13: (with DISCUSS and COMMENT)

"Alberto Rodriguez-Natal (natal)" <natal@cisco.com> Thu, 16 February 2023 15:12 UTC

Return-Path: <natal@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 627EFC19E112; Thu, 16 Feb 2023 07:12:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.596
X-Spam-Level:
X-Spam-Status: No, score=-9.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="PrQx2DW3"; dkim=pass (1024-bit key) header.d=cisco.com header.b="VriHmmIu"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tZIwQR0aPpwi; Thu, 16 Feb 2023 07:12:47 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E4FC17EE11; Thu, 16 Feb 2023 07:12:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20581; q=dns/txt; s=iport; t=1676560367; x=1677769967; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=rqSOw63nM7fQtgyPHBEtbdQJmr0bCV/rm2fbaGahehE=; b=PrQx2DW3NbEYqw/cCX7SytVxYgvqmWAGURsV2T8MY8JM7fMSGS/4rSP6 9+4VAZQlIlzy3baafuuIvSQAZSnyYhRduNk3ESC2MXOXsxyKkyh8Dlo3g 2426o/JpuBJpugZbhgA2sJzlBi86ysAv439I4ed++cJDu6xpO7XhQO+Is E=;
X-IPAS-Result: A0ADAAAUR+5jmJBdJa1aGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIE7BQEBAQELAYEpMSoogQcCWTpGiB4DhFBfiCIDkQuGJIE3gzGBLBSBEQNWDwEBAQ0BATsJBAEBghqCcwKFKgIlNAkOAQIEAQEBAQMCAwEBAQEBAQMBAQUBAQECAQcEFAEBAQEBAQEBHhkFDhAnhWgNhlUBAQEBAxIuAQE3AQ8CAQgOAwMBAg0iMh0IAgQBDQUIEweCBFgBghaBDAMBD0ScAAGBPwKKH3iBNIEBgggBAQYEBIE4ARVBnRADBoFAAYkSg2iBfYIzJxyCDYEVQ4JnPoJiAQEDgSgBCwEGAQcCGh4Ng2SCLo5gh0IKgTR2gSQOgUKBCQIJAhFxgRYIbIFyBzYDRB1AAws7Oj81CwskBQQ8AQUCDx82BgMJAwIhS4EcJAUDCxUqRwQINgUGGjQRAggPEg8GJkQOQjc0EwZcASkLDhEDUIFIBC9EgSECBAEoJpdjghBqBA0VDQwYFDswBAI+CAwUAQwKAQEPFAUHCJJdEAEJjhiOJJJYCYEtCoN3i2KPD4YfFoN5jGKGaZEOYpdVIIIuiwSUWTMLDYR4AgQCBAUCDgEBBoFiOmtwcBWCbgEBATFSGQ9djUMZHoM7hRSPQ3U7AgcLAQEDCYgXASeCMQEB
IronPort-PHdr: A9a23:a45LaRXgZ0MV3fHQNa1Gz8d6RYDV8K36AWYlg6HPw5pCcaWmqpLlO kGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW0oDjsMbzAAlCdSOXEv8KvOiZicmH cNEAVli+XzzMUVcFMvkIVPIpXjn5j8JERK5Pg1wdYzI
IronPort-Data: A9a23:WuFyMa4oCSr0zQUZUjvACgxRtAbHchMFZxGqfqrLsTDasY5as4F+v jEfXD3UOanZY2Lzc4hwOtzl8BsOvcSDy4RhHQplpCBmZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyOa/lH3WlTYhSEUOZugHtIQM8aZfHEuLeNYYH1500k7wbdn2tcAbeWRWmthh /uj+6UzB3f9s9JEGjp8B3Wr8U4HUFza4Vv0j3RmDRx5lAa2e0o9UPrzEZqMw07QGeG4KAIVq 9Hrl9lV9kuBl/sk50jMfrzTKiXmSZaKVeSCZ+Y/t6WK2nB/SiIOPqkTMPY5Yhl4rxWzrfdN0 op8qoK+aA5xF/iZ8Agde0Ew/yBWJ6ZK/vrMJmKy9JzVxEzdeHyqyPJrZK00FdRHoaAsXicfr rpBdGxlghOr34paxJq9Q/VlguwoLdLgO8UUvXQIITTxU697HsySHfWiCdlw3SxvhPtXRdLnV uE0Z2NzNg/aOzBNAwJCYH45tL742iagG9FCk3qaqrof7GnczRw31rXxWPLRe8eSbcRYgkjeo XjJl0z9AwoCcdefwDuf6Vqti/PB2yThV+o6GKex+OIvgVCPyCkXCQYOEEOmq+KkgGa/Vs5Rb UsO9UIGrKUp+2SqQ8XzGRqirxaspBIQc9FdCfF87xuCopc4+C6DDWQCCzVGctFj5Ik9RCch0 RmCmNaB6SFTXKO9TX64/em7iROICw8pNzAzejEKbAJdyoy2yG0stS7nQtFmGa+zq9T6HzDs3 jyHxBTSYZ1O0abnMI3moTj6byKQSovhFVFqu12GNo6xxkYoO97/Pt3ABU3ztK4YdO6kok+9U G/ocvVyAcgUBp2L0SeKWuhITPei5u2ON3vXhlsH83gdG9aFpy7LkWN4uWEWyKJV3iAsImaBj Kj74ls52XOrFCH2BZKbmqroYyjQ8YDuFM7+StffZcdUb556eWevpX8xOxLAgjC2wBJ1wcnT3 Kt3l+7xUx727ow6klKLqxs1itfHOwhnnzqIHMCnp/hZ+erGPhZ5tovpwHPXPrxms8toUS3e8 s1UMIOR2g5DXejlChQ7AqZNRW3m2UMTXMisw+QOL7brClM/RAkJVaSLqZt/INMNokigvrqSl p1LchUGmAOXaLyuAVjiV02Pn5u1Bswi8ytlZnJ3VbtqslB6CbuSAG4kX8NfVdEaGCZLlJaYk 9Ftlx28P8ly
IronPort-HdrOrdr: A9a23:bcJq/KkxQUXGDLlRILt+LyWXvTfpDfOSimdD5ihNYBxZY6Wkfp +V8sjzhCWatN9OYh0dcIi7SdW9qXO1z+8Q3WBjB8bcYOCGghrkEGgG1+rfKlLbalXDH4JmpM Vdmu1FeaDN5DtB/IrHCWuDYq0dKbC8mcjC74q/vhRQpENRGttdBmxCe2Gm+zhNNXB77O0CZf yhD6R81l+dUEVSSv7+KmgOXuDFqdGOvonhewQ6Cxku7xTLpS+06ZbheiLokSs2Yndq+/MP4G LFmwv26uGIqPeg0CLR0GfV8tB/hMbh8N1eH8aB4/JlZAkEyzzYJbiJaYfy/wzdk9vfqmrCV+ O85ivICv4Dq085uFvF5ScFlTOQlwrGoEWSt2NwyUGT0PARAghKTfaoQeliA0PkA41KhqAk7E sD5RPoi7NHSRzHhyjz/N7OSlVjkVe1u2MrlaoJg2VYSpZ2Us4YkWUzxjIiLH47JlOy1Kk3VO 11SM3M7vdfdl2XK3jfo2l02dSpGnA+BA2PTEQOstGcl2E+pgEy82IIgMgE2nsQ/pM0TJdJo+ zCL6RzjblLCssbd7h0CusNSda+TmbNXRXPOmSPJkmPLtBNB1vd75rspLkl7uCjf5IFiJM0hZ TaSVtd8XU/fkr/YPf+q6GjMiq9NFlVcQ6dv/22vaIJyYEUbICbQxG+dA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.97,302,1669075200"; d="scan'208,217"; a="61574968"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Feb 2023 15:12:46 +0000
Received: from mail.cisco.com (xfe-rtp-004.cisco.com [64.101.210.234]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 31GFCjvM018999 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Thu, 16 Feb 2023 15:12:45 GMT
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xfe-rtp-004.cisco.com (64.101.210.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Thu, 16 Feb 2023 10:12:44 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Thu, 16 Feb 2023 09:12:44 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oCoFZQVpO1h/vNdnbYk/j1vU3N9UujttWmtFoEGiJXWbM+Gu7nQAbt4TACyTQAxrmuJeuF7TsEk0MCxW/7xSwj6JY1o4BoBL+3NMEp0JDP2MgQrfCDycMujX9KuC1tcRR2AvhlEj1epggbiBiHXPa8neDQdQvcj6tBs7QXyoxcGZU0WLl36U+ACzrrO+XvGjn/bpL+CGK/O6Ap6YzT7ufXdQr2B+91m+Fl3LgtBEzbmIYmBv4a2IEf5/KchGKbHmPQmIbyZPydYv/CGaIzNk7ZUcjYsKMcx2yd3dJkr3DA5lh92wGIHTM063nvTjeYDph/wVVYERpb2DikIqGmk1Fw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+tthkD0GxUSbMDFf7FscVZTRiOuR5IYXllHhbr/xXqY=; b=hTx2pS0pRUyXC6Xym5vkMlLklV2N4e0otW3VEGWEx6UxpzflF12wtiDlC4i5+iLpVxdyeEoEBgpyBcCqAfVgPuZ8e8KwKiAaA0OKMFwhASh0yPPt8uVLjXUe1MPY92CCsNkiFOoUmrPP/ktZbpZ8cDM0szg7MAEhXNFeD8JhgEC0isittko5cGk5BFfpFbwxP/sL6qDiv2NNHfZwwbX49SznzG+fb1AXBBfwYNBel56sVTcLzMQsT3OgvkvTVwvqTSkdQ9JPCSdt8fjuz92wZLr4SjZ8WMCtfD5NTyHiclQLEfm8QYJEUUFk95TJQLg7q5LYtKRmHUmVQsE9NIN31Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+tthkD0GxUSbMDFf7FscVZTRiOuR5IYXllHhbr/xXqY=; b=VriHmmIuPT+OxF7CGKVaWkMTy7npOta+44IP+FH9HV40F9H9NR9hf37IwckMTZDv6y/oef5v1vfaw6eDenKokF1WO05wcOncYlhRIZtcWu72+pF3677bhmXeXKhSC0wAmoW8liAyGwSH16HTfzFYEic/Goe1tF82tN0vJsH+0gA=
Received: from BYAPR11MB3591.namprd11.prod.outlook.com (2603:10b6:a03:b4::30) by PH8PR11MB7000.namprd11.prod.outlook.com (2603:10b6:510:220::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.24; Thu, 16 Feb 2023 15:12:43 +0000
Received: from BYAPR11MB3591.namprd11.prod.outlook.com ([fe80::ad7a:87df:414e:3f65]) by BYAPR11MB3591.namprd11.prod.outlook.com ([fe80::ad7a:87df:414e:3f65%5]) with mapi id 15.20.6086.026; Thu, 16 Feb 2023 15:12:42 +0000
From: "Alberto Rodriguez-Natal (natal)" <natal@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-lisp-pubsub@ietf.org" <draft-ietf-lisp-pubsub@ietf.org>, "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>, "ggx@gigix.net" <ggx@gigix.net>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-lisp-pubsub-13: (with DISCUSS and COMMENT)
Thread-Index: AQHZQaBZDk23TFjSkEOPyF4nPJ31Gq7RljEv
Date: Thu, 16 Feb 2023 15:12:36 +0000
Message-ID: <BYAPR11MB3591E1A414382A828BD1DF01B6A09@BYAPR11MB3591.namprd11.prod.outlook.com>
References: <167650848906.56280.5745687851664238675@ietfa.amsl.com>
In-Reply-To: <167650848906.56280.5745687851664238675@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB3591:EE_|PH8PR11MB7000:EE_
x-ms-office365-filtering-correlation-id: 1cbea397-a5da-496b-9cab-08db10304044
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 81CdvGKPGb4fOOnLWPHsZQx2dyFq/RtH4LJh7MH4iiJK/H5IxWMFwLnZ2mxP+9LEtP8SnsmpKXZ0+x04KjW8qK+5MxVU517EiBinh5DOXZQoH/zngO+Llm/BkDLgObrTFGUp8apt0579tLkDoGsJk97vVSxlRkMZkisiI0K4oEOAPZHYc4HlJ7Tx8iJH0ZSLf9pY7oC/YmDDz2x+nOZAgjEQxXfZ1QLwi3fwtRu8IQ6jgb3AmRC/pIHflVrIzXrDyNKXkUIGDGgyqfdLq94quA9akEtO8ieAO1Pt5cq4UNeu1AaFIhiCFo8rpg5Lj42bM9olSEDUpb9xVE/8QbOVsMhMuLxIVyjJrx2A+zw2FrHOvrn7/vq8o5qwZ3FEkgNLcTOx2wf5XWxuPN9GZFN8/FOtKwteWTyrdwcOzFhSe9i7CYz5+LCf2UuBVdtko9qWYEE6Q5w/0dlHjUr36PvaZsYh08nPxaQ4qVDUYPId1lAxoNVJLlADsEAsIgvhx0prpkM+gnmcDZNHYFGKwjZuZQXF6ZZwUWGASb1Z0l/VcotZ5LWz9aQYDcKyOa/TzP7mXn4hHYGKufaEpZk53xq4Q0bsLsF1TIPAQb67u2IHwi3lquCOizjv3vNeE76CPWlakJBvlJJH9VAroRxogCX0zRPU/m6d3Zjz+yv7ZmZFpl5b3jcqIt/Az84NMS/R1cBr0cqFUChImWdGkokJ580hGX8QN/SVAKGs6Oe7zguuleo=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3591.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(396003)(39860400002)(136003)(376002)(346002)(366004)(451199018)(26005)(4326008)(8676002)(6666004)(186003)(53546011)(478600001)(6506007)(9686003)(66946007)(2906002)(91956017)(7696005)(76116006)(83380400001)(71200400001)(66574015)(64756008)(316002)(33656002)(55016003)(38070700005)(38100700002)(166002)(122000001)(52536014)(86362001)(66556008)(66446008)(66476007)(966005)(8936002)(54906003)(41300700001)(5660300002)(110136005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 10gTe+ZzhS6s+dRG55MpXzofLLPG+G8JIOSXWNFKFP9osmURxJDWg8IA15cHR3F5NAZr3zWIPmu5528eqAt9c+dq2WP3Jl16KtyTE9CtBDyfIR1tswLsAPqMrNrdSAC+HtP/dtUOUVLxWA+ZAjCcFL7h/pon9ffm4q2hmzozs52KrnIQileG2lWfCrd22kI1RD0TBAORt0Ygtdi8yc5QwzrXeL6UwuI1zBLLhgDUYLq5QHyRrgjlV9BW6mapDgA1HiyMmwXZvJ4Ynd381tAiPsAJMe0OpBVCWjKZLWKDzIWqf8BmfLtwD9EekYowq/B3KscLEBsFlYCMjfTktalyJYSnBQqJT7X9bibIoSELi7+0WZQKrVHoS4eeI7LdT9ayJ7Xh9We3YWzQptUMTgP35Dy8SfoNenaHisTmxrUU6tgdk3JIDMQMCgWxyby1P3bEEv52AZhaF9F8Mpu9QEGF7MKQk4tdQg2JK0tSdAL8OhZ3zBK0wwxWXBbFawyRkCQkXPObr7Mnj1C60CuEY+xAaq/5ebHi3STOJiNLE8z8zXKKRt26I+9v6KW44xBuMBW2yuFLznd3ryD8Ps2WmBLURn2Pb4kJDTKWYr/8QFXXCOvRDHUGaywhllJ0hgN05eLCBu4BTES7W33JJN88H3hJ4ENzKn3w1t3qGQZ7YEZqlROmuJbkSVIo6j35i0ai1R0StR75FG5nYaaNBVlHZzaqkKTmoZnGgqv9Gb5M6JCdNu7DrdroP1TtOpfWXHMpvmVVBkfc75eiommvGNxJqE32ru4LbbBjoJ8ew9u2ZlXbjJjH53VHE4urQQ74ls6Zl1vTSVrYDApAPqDLTfmOvvSkaqDq+A8T6HVCgAmWVZJXWI6xup5gA9Bfjw0NiCtiZ+UrmZUvB6qvG7DCL+WxxFQrTkwFq6+rkwnLFmU9LVabbO0miokIdtf8zIHe9Ww2IZn9X4vMHFJyOWiQBKja/mbwSJcbAE3uPojydbwc/NdWFR2vEsZ5HL+TicXFdI9BG9HFYZMrq2k4LapG3afr9vDnf1tRTuFgMWd+dKqIkwoVxLhvJxoFn/HG73mKMeArXgDgXrwoDO+M9Tfg0YL3z+DljLJPXbkSnAgVDybleCrae1Guo1MYX6yPL+RFa797EGyraUMTMEkz2E1WYbOSvhdKfcf3xFwA0GEKf4343RAPSI9E+eE/DKVHFqpS6QoMN80rXQzb1UpK6ufnEmRxpIYqSTTZDWao3PaFz3lALA9zDncen5GPkoKr64Kiz32xx1Pr3tyLbZPKKfKn6OzuZPNs/M785p/36GXXML/UemzvCbTjudtM3v5nvbGN2AgTzjDLFnbl2QO5zVuhyGXpq9+gMlihEZCQdizhDvYe9i/CBm6FSgqkdCWRXejIX7sOxyhv7fF9yY7CdE2RHXMu5fmwiD9Za6EjxPTg4ZwpLnNROQpAxPkzBlvU6YFzccVDndtOJVWPFd/FIEtuiStHSPzIbZJDZLZlDAdPlGiq9HJp2zPeRZq77AJXACzX0iwUmoVsj7pbe0GLVamuHc8XzmNem7dAdD/he3GD6f8VH80KjY1b0naNZLcqJEqNBCagUSce
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB3591E1A414382A828BD1DF01B6A09BYAPR11MB3591namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3591.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1cbea397-a5da-496b-9cab-08db10304044
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Feb 2023 15:12:42.5145 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IVgl5AUE7EgzUthIUE95Hp4g9hTmZffJ440NeE0O/aSU9ED8chQB6Qrmsl+1bChJ
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR11MB7000
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.234, xfe-rtp-004.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/bqgkHYrnBD4hLdMTO1dCqLfZLOg>
Subject: Re: [lisp] Roman Danyliw's Discuss on draft-ietf-lisp-pubsub-13: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2023 15:12:51 -0000

Hi Roman,

Thanks a lot for your review! Please see inline.

Thanks!
Alberto

From: Roman Danyliw via Datatracker <noreply@ietf.org>
Date: Thursday, February 16, 2023 at 1:48 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lisp-pubsub@ietf.org <draft-ietf-lisp-pubsub@ietf.org>, lisp-chairs@ietf.org <lisp-chairs@ietf.org>, lisp@ietf.org <lisp@ietf.org>, ggx@gigix.net <ggx@gigix.net>, ggx@gigix.net <ggx@gigix.net>
Subject: Roman Danyliw's Discuss on draft-ietf-lisp-pubsub-13: (with DISCUSS and COMMENT)
Roman Danyliw has entered the following ballot position for
draft-ietf-lisp-pubsub-13: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-pubsub/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** In following the robust discussion in the TSVART thread
(https://mailarchive.ietf.org/arch/msg/tsv-art/vcJRc6oXRRiCl5-bouLTyRVbTc8/),
it appears that design assumption of this document is to build on RFC9301 and
RFC9303.  Section 3 helpfully outlines unique deployment assumptions for PubSub
relative to RFC301.  Missing is an explicit summary of what Alberto stated in
https://mailarchive.ietf.org/arch/msg/tsv-art/80yDl25rP3Ev4H_x_rOstue_J7M/.
There appears to be a stronger requirements to use LISP-SEC or associated
pre-shared secret to secure this new mechanism which is not the same as the
baseline RFC9301 (per Section 1.1).
[AR] Yes, a PubSubKey is required for PubSub operation, this can be a PSK or can be generated via LISP-SEC, both options are described in Section 7.1. In early versions of the draft (-05 and prior), there used to be a bullet point in the deployment assumptions that mentioned that a security association was required for PubSub, but the bullet point was removed when section 7.1 was introduced in -06. We can add again a bullet point to the deployment assumptions to mention that a PubSubKey is needed (via PSK or LISP-SEC) and that details are in Section 7.1.



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Thank you to Chris M. Lonvick for the SECDIR review.

** Thank you to Magnus Westerlund for the TSVART review which had a number of
security items of feedback.

** The shepherd report noted that this document was moved from experimental to
PS status based on existing deployment experiment.  As this was the basis of
the document status, is it possible read more about these “production networks”
that were running “early implementations” as described in Appendix A.  Who were
they?  Were all these implementations limited domain?  Any over the Internet?

[AR] The most predominant example (afaik) of PubSub running in production is in the Software-Defined Access (SD-Access) solution from Cisco. SD-Access is a solution that enterprises deploy for their campus networks where the overlay is established over an underlay of campus switches. Both the underlay and overlay are under the control of the enterprise.

** Section 1.  Editorial.  Is the “encap” in the phrase “map-and-encap
approach” a shortening of “encapsulate”?  Spell it out.

[AR] Ack

** Section 1.1.  Thanks for added this section based on TSVART review.
Consider if it possible to qualify which of these verification and
configurations are handled with practices outside the scope of this document
and what can be forward referenced into this document.

[AR] We’ll clarify the text.

** Section 5.
   Otherwise, the Map-Server silently
   drops the Map-Request message and logs the event to record that a
   replay attack could have occurred.

Why is the guidance to log when observing an attack weaker than the guidance in
Section 4 when handling malformed Map-Requests (“In this case, the receiver
SHOULD log a malformed Map-Request and MUST drop the message.”)
[AR] We’ll update the text so the same guidance is provided for both cases.


** Section 5.
   For example, the Map-Server may be instructed to limit the resources
   that are dedicated to unsolicited Map-Notify messages to a small
   fraction (e.g., less than 10%) of its overall processing and
   forwarding capacity.

What is an unsolicited “Map-Notify” message in the PubSub context?  Is that the
PubSub message itself?

[AR] The publication message yes.

** Section 5

   If the Map-Server
   does not keep last nonces seen, then in deployments concerned with
   replay attacks the Map-Server MUST require the xTRs to subscribe
   using the procedure described in Section 7.1 to create a new security
   association with the Map-Server.

What is a “deployment concerned with replay attacks”?  Shouldn’t that be all
deployments?  Section 7.1 has similar text.
[AR] We’ll update this text.


** Section 7.
   To prevent xTR-ID hijacking, it is RECOMMENDED to follow guidance
   from Section 9 of [RFC9301] to ensure integrity protection of Map-
   Request messages.

Can this text be more specific on what text in RFC9301 is being referenced.
[AR] The text is referring to Section 9 of RFC9301 (Security Considerations), particularly the last paragraph. We’ll update this to make it more specific.


** Section 7.1
   First, when the ITR is sending a Map-Request with the N-bit set
   following Section 5, the ITR also performs the steps described in
   Section 5.4 of [RFC9303].

RFC9303 doesn’t have a Section 5.4.  Is it Section 6.4?
[AR] That’s correct, thanks for catching this up!


** Section 7.1
   The ITR can then generate a PubSubKey by
   deriving a key from the One-Time Key (OTK) as follows: PubSubKey =
   KDF( OTK ), where KDF is the Key Derivation Function indicated by the
   OTK Wrapping ID.

Should the Map-Request nonce be used as part of the KDF input?  See Section 3.1
of RFC5869.
[AR] That’s a reasonable suggestion, we’ll update the text to reflect it.

v2.23.0 | Report a Bug | By Email