Re: [Lsr] Spencer Dawkins' No Objection on draft-ietf-ospf-ospfv3-segment-routing-extensions-20: (with COMMENT)

"Acee Lindem (acee)" <acee@cisco.com> Wed, 05 December 2018 18:07 UTC

Return-Path: <acee@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F23C130E11; Wed, 5 Dec 2018 10:07:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.96
X-Spam-Level:
X-Spam-Status: No, score=-15.96 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSfCaebETGJR; Wed, 5 Dec 2018 10:07:28 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F3F3128766; Wed, 5 Dec 2018 10:07:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31684; q=dns/txt; s=iport; t=1544033247; x=1545242847; h=from:to:cc:subject:date:message-id:mime-version; bh=2B8Dc9JD12+wka1cA/f3morzPULyb5trSH7DPWluf4Y=; b=K2CZFSt+jM6rudrMSQHN4p63XeAzl6T6jyzWbC0cBFgJOlyZbkWGWIK5 8T8zx30JN56EEDoZANP7K0FYJuLtOYceZ4uCWJqinmg1V4VhBGNEU02/h mXxaNNmkcQH7xFHpk+b/GlgT4UZM4kf+dpx9OsrkEWj4gkyPRpDVT6zT8 U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AEAABwEwhc/5hdJa1kGgEBAQEBAgEBAQEHAgEBAQGBUQUBAQEBCwGBDUguZoECJwqDb4gZjA6BaIk3jjoUgWYLAQElhEcZgnoiNAkNAQMBAQIBAQJtHAyFPQYjVhIBCBImAwQDAgQfERQDEAQOBRSDDQGBHUwDFQ+mBoEvhEFAgwENghcFiVaCSBeBf4EQAScME4JMgldHAQEBAQEBgSoBCwcBB4McMYImAokzgW+De5ELLgkChwGDNINdgy4YgVuFFIMnhxmNcoENiVgCERSBJx84ZFgRCHAVOyoBgkGCJxcSiEyFP0ExAYkVDxeBCIEaBQEB
X-IronPort-AV: E=Sophos;i="5.56,319,1539648000"; d="scan'208,217";a="273830158"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Dec 2018 18:07:03 +0000
Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id wB5I72dm009626 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 5 Dec 2018 18:07:02 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 5 Dec 2018 13:07:01 -0500
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1395.000; Wed, 5 Dec 2018 13:07:01 -0500
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
CC: IESG <iesg@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com>, "draft-ietf-ospf-ospfv3-segment-routing-extensions@ietf.org" <draft-ietf-ospf-ospfv3-segment-routing-extensions@ietf.org>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>
Thread-Topic: Spencer Dawkins' No Objection on draft-ietf-ospf-ospfv3-segment-routing-extensions-20: (with COMMENT)
Thread-Index: AQHUjMVS+xJ2f5Tr5E6/tWFx5pLFaA==
Date: Wed, 05 Dec 2018 18:07:01 +0000
Message-ID: <D8C248E7-1E14-4BD1-9901-68B377E05EEE@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.196]
Content-Type: multipart/alternative; boundary="_000_D8C248E71E144BD1990168B377E05EEEciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.153, xch-rtp-013.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/-HGoH9-LQ0PxlVfgNBQVVBEDEMc>
Subject: Re: [Lsr] Spencer Dawkins' No Objection on draft-ietf-ospf-ospfv3-segment-routing-extensions-20: (with COMMENT)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 18:07:31 -0000

Hey Spencer,
Fixed RFC references in my reply.


On Dec 5, 2018, at 11:34 AM, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com<mailto:spencerdawkins.ietf@gmail.com>> wrote:

Hi, Acee,
On Tue, Dec 4, 2018 at 6:37 PM Acee Lindem (acee) <acee@cisco.com<mailto:acee@cisco.com>> wrote:
Hi Spencer,

I'm replying as document shepherd.

It's a pleasure to be talking when we're not both sleepwalking on a 777 :-)

Luckily the flight home was a breeze compared to my 25 hour 40 minute flight to Hong Kong.



Please note that all of these are comments, so covered under "do the right thing".

On 12/4/18, 1:40 PM, "Spencer Dawkins" <spencerdawkins.ietf@gmail.com<mailto:spencerdawkins.ietf@gmail.com>> wrote:

    Spencer Dawkins has entered the following ballot position for
    draft-ietf-ospf-ospfv3-segment-routing-extensions-20: No Objection

    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)


    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.


    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-ospf-ospfv3-segment-routing-extensions/



    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------

    The Introduction would have been much clearer for me if these paragraphs were
    much closer to the top of the section - they're at the bottom of the section
    now.

      This draft describes the OSPFv3 extensions required for Segment
       Routing with MPLS data plane.

       Segment Routing architecture is described in [RFC8402].

       Segment Routing use cases are described in [RFC7855].

    With that change, I'm not sure how much of the discussion in the Introduction
    would still be required, but do the right thing, of course.

    I'd make the same suggestion for the Abstract,

      Segment Routing (SR) allows a flexible definition of end-to-end paths
       within IGP topologies by encoding paths as sequences of topological
       sub-paths, called "segments".  These segments are advertised by the
       link-state routing protocols (IS-IS and OSPF).

       This draft describes the OSPFv3 extensions required for Segment
       Routing with MPLS data plane.

    if it was more than two paragraphs long ...

You mean "were" since this is subjective. I'm not sure what you're asking for since your comment has something to do with ordering and, as you note, the abstract is two paragraphs long.

Sorry this wasn't clear.

What I meant was, the Introduction is long enough that moving the high-order bits to the top is helpful; the Abstract also has the high-order bits at the bottom, but it's a short distance to the bottom. If you flipped the Abstract, that might be helpful, and would match the Introduction, but if you don't, I think making the change in the Introduction would be sufficient.

I read this and we’ll consider but I don’t think we’ll move things around. All the SR RFCs/drafts have this abstract ordering and I can’t see just changing this one.




    I am thinking that the reference

      There are additional segment types, e.g., Binding SID defined in
       [RFC8402].

    would be more useful at the beginning of Section 3, because that's where you
    list the additional segment types, but the reference is back in the
    Introduction (with only one example of the segment types).

Actually, the Binding SID is no longer in the encodings so this could be removed.

An even better reason to remove this sentence :D ...

That would put the reference to RFC 8402 in Section 3, I assume.


We will remove the references to binding SID. I think we put the reference to RFC 8402 earlier in the Introduction.




    I'm thinking the SHOULD in this text

      Existing security extensions as described in [RFC5340] and [RFC8362]
       apply to these segment routing extensions.  While OSPFv3 is under a
       single administrative domain, there can be deployments where
       potential attackers have access to one or more networks in the OSPFv3
       routing domain.  In these deployments, stronger authentication
       mechanisms such as those specified in [RFC4552] or [RFC7166] SHOULD
       be used.

    is not an RFC 2119 SHOULD that describes interworking, so something like

       In these deployments, stronger authentication
       mechanisms such as those specified in [RFC4552] or [RFC7166] are
       needed.

I'll defer to our AD, Alvaro. We have normative text in other "Security Considerations" sections.

Oh, sure. That wasn't my heartburn at all. My point was

    would be better, but if this IS a SHOULD, I'm curious why you wouldn't use
    stronger authentication mechanisms if they're needed. You might want to add
    guidance about that, so it's not confused with MUST (BUT WE KNOW YOU WON'T) as
    defined in https://tools.ietf.org/html/rfc6919#section-1.

that I'm reading the text as saying "you're more vulnerable to attackers, so you SHOULD use stronger authentication mechanisms, but you might not, for reasons left to the implementer". Is there a reason that you might decide not to use stronger authentication mechanisms when you're more vulnerable to attackers? If so, you might provide it as an example, so the implementers can do the right thing.

(I spent enough time in the SIP community talking to product managers who wanted to pay for MUSTs, but didn't think they needed to pay for SHOULDs, that I'm perhaps overreacting to a problem you folks in RTG don't have. Do the right thing, of course!)

I see your point but “SHOULD” is already pretty strong language but we wouldn’t be opposed to changing it to “MUST” since an implementation advanced enough to support OSPFv3 SR should support RFC4552 and/or RFC7166. However the latter is simpler from an operational standpoint.

Thanks,
Acee




    Is there another document that says things like

      Implementations MUST assure that malformed TLV and Sub-TLV defined in
       this document are detected and do not provide a vulnerability for
       attackers to crash the OSPFv3 router or routing process.  Reception
       of a malformed TLV or Sub-TLV SHOULD be counted and/or logged for
       further analysis.  Logging of malformed TLVs and Sub-TLVs SHOULD be
       rate-limited to prevent a Denial of Service (DoS) attack (distributed
       or otherwise) from overloading the OSPFv3 control plane.

    ? This doesn't seem very SR-specific, although I'm guessing. If there's a
    broader document, I don't object to including this guidance here, but adding a
    reference to a broader document might be useful.

We do have similar text in section 5 of RFC8362. However, it is not in the "Security Considerations" and the statement about rate-limiting is not there. It doesn’t hurt to repeat it and it provides confidence that "security" has been appropriately "considered".

Agree, and thanks for considering all my comments.

Spencer


Thanks,
Acee