Re: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Wed, 15 May 2019 20:22 UTC

From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-isis-segment-routing-extensions@ietf.org" <draft-ietf-isis-segment-routing-extensions@ietf.org>, Christian Hopps <chopps@chopps.org>, "uma.chunduri@huawei.com" <uma.chunduri@huawei.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>
Date: Wed, 15 May 2019 20:21:56 +0000
Message-ID: <BYAPR11MB3638F34879DCBA41EAEC6125C1090@BYAPR11MB3638.namprd11.prod.outlook.com>
References: <155794787548.30479.12106710565768543060.idtracker@ietfa.amsl.com>
In-Reply-To: <155794787548.30479.12106710565768543060.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/Gm3Mt_umCIa62wa1YLHtfzn0jNM>
Subject: Re: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)

Roman -

Thanx for the review.

Responses inline.

> -----Original Message-----
> From: Lsr <lsr-bounces@ietf.org> On Behalf Of Roman Danyliw via
> Datatracker
> Sent: Wednesday, May 15, 2019 12:18 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-isis-segment-routing-extensions@ietf.org; Christian Hopps
> <chopps@chopps.org>; uma.chunduri@huawei.com;
> aretana.ietf@gmail.com; lsr-chairs@ietf.org; lsr@ietf.org
> Subject: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-segment-routing-extensions-24: (with DISCUSS and COMMENT)
> 
> Roman Danyliw has entered the following ballot position for
> draft-ietf-isis-segment-routing-extensions-24: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-isis-segment-routing-extensions/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> I need a bit of help understanding how to read the Security Considerations
> text – threats are identified but how they are mitigated seems implicit.  The
> text, “In general the same types of attacks … However, the latter will be more
> difficult to detect …”, alludes to a similar threat without a reference and
> seems to suggest it will be worse in the deployed environment of this
> extension.
> 
[Les:] The point being made here is that when MPLS is in use the destinations affected by inappropriate/malicious use of a label cannot be directly identified as in the case of IP/IPv6 forwarding entries - they require further investigation to determine.
But the result is the same - traffic is misrouted.

> The next paragraph, “Existing security extensions … [RFC5304] and [RFC5310]
> apply …” states that [RFC5304] and [RFC5310] also apply.  What does apply
> mean here – should they be used?  Do they mitigate what’s described in the
> previous paragraph?

[Les:] The two paragraphs are not directly related. RFC5304/RFC5310 define the use of MD5/Cryptographic authentication for IS-IS. Use of these extensions is prudent to protect all IS-IS advertisements. Referencing these RFCs is standard content for the Security section of almost any IS-IS extension.

   Les

> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Section 2.3.  Typo.  s/advertsied/advertised/
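
The RFC 5304 protection referred to in the reply, as an added example that is not part of the original thread: an HMAC-MD5 digest in the Authentication Information TLV (type 10, authentication type 54) is computed over the LSP with the digest, Checksum and Remaining Lifetime fields zeroed, so a receiver holding the shared key rejects an LSP whose label was altered in flight. The LSP, the key, and TLV type 250 carrying a label are constructed for illustration; the Fletcher checksum is left at zero.

```python
import hashlib
import hmac
import struct

AUTH_TLV, HMAC_MD5 = 10, 54   # RFC 5304: Authentication TLV, HMAC-MD5 type
LSP_HDR_LEN = 27              # 8-byte common header + 19-byte LSP header
LIFETIME, CHECKSUM = slice(10, 12), slice(24, 26)

def find_digest(pdu: bytes):
    """Return the offset of the 16-byte digest in TLV 10, or None."""
    off = LSP_HDR_LEN
    while off + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[off], pdu[off + 1]
        if off + 2 + tlv_len > len(pdu):
            return None                       # truncated TLV: reject
        if tlv_type == AUTH_TLV and tlv_len == 17 and pdu[off + 2] == HMAC_MD5:
            return off + 3
        off += 2 + tlv_len
    return None

def compute_digest(pdu: bytes, key: bytes, off: int) -> bytes:
    buf = bytearray(pdu)
    # Fields that change in flight, and the digest itself, are zeroed first.
    buf[LIFETIME] = buf[CHECKSUM] = b"\x00\x00"
    buf[off:off + 16] = bytes(16)
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def verify(pdu: bytes, key: bytes) -> bool:
    off = find_digest(pdu)
    if off is None:
        return False                          # no usable Authentication TLV
    return hmac.compare_digest(pdu[off:off + 16], compute_digest(pdu, key, off))

def build_lsp(key: bytes, label: int, lifetime: int = 1200) -> bytes:
    """Constructed L2 LSP: TLV 10 plus one hypothetical TLV carrying a label."""
    tlvs = bytes([AUTH_TLV, 17, HMAC_MD5]) + bytes(16)
    tlvs += bytes([250, 3]) + label.to_bytes(3, "big")   # type 250 is made up
    hdr = bytes([0x83, LSP_HDR_LEN, 1, 0, 20, 1, 0, 0])  # PDU type 20 = L2 LSP
    hdr += struct.pack("!HH", LSP_HDR_LEN + len(tlvs), lifetime)
    hdr += bytes.fromhex("0000000000010000")             # constructed LSP ID
    hdr += struct.pack("!IHB", 1, 0, 0x03)               # seq, checksum, flags
    pdu = bytearray(hdr + tlvs)
    off = find_digest(bytes(pdu))
    pdu[off:off + 16] = compute_digest(bytes(pdu), key, off)
    return bytes(pdu)

def with_label(pdu: bytes, label: int) -> bytes:
    """Rewrite the trailing label without recomputing the digest."""
    return pdu[:-3] + label.to_bytes(3, "big")

KEY = b"constructed-shared-key"
LSP = build_lsp(KEY, 16001)
```

Authentication only shows that the sender held the key; a router that holds the key and advertises a wrong label still passes this check.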