Re: [Lsr] [Tsv-art] Tsvart last call review of draft-ietf-lsr-isis-rfc7810bis-03

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 06 December 2018 06:38 UTC

References: <154403709395.31955.8914260506541556177@ietfa.amsl.com> <347556ed4ea34fa7844085e5a6639f13@XCH-ALN-001.cisco.com> <CAKKJt-eCZWF=BSxuW85wwzMQBLk=eULw_asHOv7HLetK8oiBzg@mail.gmail.com> <779408ffacd34d75ad438590cb0e0c33@XCH-ALN-001.cisco.com>
In-Reply-To: <779408ffacd34d75ad438590cb0e0c33@XCH-ALN-001.cisco.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Thu, 06 Dec 2018 00:38:11 -0600
Message-ID: <CAKKJt-cniOG8jx+=9uwrWzHi221TRd+zy7oxEXR-HkR32zPBQw@mail.gmail.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Cc: nishida@wide.ad.jp, tsv-art@ietf.org, lsr@ietf.org, IETF list <ietf@ietf.org>, draft-ietf-lsr-isis-rfc7810bis.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/zBDsvDZoSuiuxbNXNP4-0Mvc7UM>

Hi, Les,

On Wed, Dec 5, 2018 at 11:08 PM Les Ginsberg (ginsberg) <ginsberg@cisco.com>
wrote:

> Spencer –
>
> The choice of whether to use cryptographic authentication or not is a
> deployment decision. It is not the place of this RFC (or any other IGP RFC)
> to require that a customer use authentication of any kind. However, in
> Security sections we do mention that the use of cryptographic
> authentication may well be prudent to avoid risks associated with the
> advertisements which the document is defining.
>
> Make sense?
>

Sure, and I'm not asking for an
https://tools.ietf.org/html/rfc6919#section-1 "MUST (BUT WE KNOW YOU
WON'T)" - and this is the second draft on this telechat where I've used
that link in my balloting discussion, so You Are Not Alone!

Thanks for helping me understand.

Spencer

> I agree there is an editorial issue.
>
> “mitigation the risk” should be “mitigation of the risk”
>
> I will address that.
>
>    Les
>
> *From:* Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
> *Sent:* Wednesday, December 05, 2018 6:41 PM
> *To:* Les Ginsberg (ginsberg) <ginsberg@cisco.com>
> *Cc:* nishida@wide.ad.jp; tsv-art@ietf.org; lsr@ietf.org; IETF list <
> ietf@ietf.org>; draft-ietf-lsr-isis-rfc7810bis.all@ietf.org
> *Subject:* Re: [Tsv-art] Tsvart last call review of
> draft-ietf-lsr-isis-rfc7810bis-03
>
> Hi, Les,
>
> On Wed, Dec 5, 2018 at 6:52 PM Les Ginsberg (ginsberg) <ginsberg@cisco.com>
> wrote:
>
> Yoshi -
>
> Thanx for taking the time to review.
>
> I can appreciate that this may be the first time you have looked at RFC7810 -
> let alone the bis draft. As a result you have commented on content which is
> common to the bis draft and the RFC it is modifying (RFC 7810).
>
> While your questions in isolation may be interesting, I believe they are
> out of scope for the review of the bis draft. What the bis draft is doing
> is addressing two modest errata - details of which can be found in
> https://tools.ietf.org/html/draft-ietf-lsr-isis-rfc7810bis-03#appendix-A
> Comments on content not related to those changes are out of scope.
>
> If you have an interest in this topic and want to comment on the substance
> of RFC 7810 and its companion document for OSPF RFC 7471, I encourage you
> to do so. Note that all of your comments (save the one on Security) are
> also applicable to RFC 7471 - so any agreed upon modification would need to
> be made to both documents. But I do not want to even start discussing such
> changes in the context of reviewing the bis draft changes. I hope you can
> understand why.
>
> As regards your Security comment, I am not sure I understand what you are
> suggesting. As IGP info is flooded hop-by-hop, man-in-the-middle attacks
> have to be able to insert themselves on an IGP enabled link. Use of
> cryptographic authentication prevents untrusted sources from being accepted
> - which is the point being made.
>
> I'm just making sure I understand this last point.
>
> The text Yoshi flagged,
>
>     "The use of Link State PDU cryptographic authentication allows mitigation
>     the risk of man-in-the-middle attack."
>
> is saying "smart people would use Link State PDU cryptographic
> authentication unless they have a reason to be OK with man-in-the-middle
> attacks", but there's no normative requirement to use this mitigation
> technique.
>
> I think that's what Yoshi was asking about.
>
> Is that the intent?
>
> Thanks,
>
> Spencer
>
> p.s. Is there a missing word after "mitigation"?
>
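Added example, not part of any message in this thread. The exchange above turns on Les's point that IGP information is flooded hop by hop, so an attacker has to be on an IS-IS-enabled link, and that Link State PDU cryptographic authentication keeps advertisements from untrusted sources from being accepted there. The Python below illustrates that mechanism; it is not code from the draft, from RFC 7810 or from anyone in the thread. It builds a Level-2 LSP carrying an Extended IS Reachability TLV with an RFC 7810 Unidirectional Link Delay sub-TLV, protects it with the RFC 5310 Authentication TLV using HMAC-SHA-256, and shows what a receiver does when the delay value is rewritten in transit by a party that does not hold the key. Assumptions, all mine: the system IDs, the 250 us delay, the key and Key ID are constructed sample data; the LSP checksum is left at zero rather than computed; HMAC-SHA-256 is one of the algorithms RFC 5310 permits, chosen here for illustration; and the function names (sign_lsp, verify_lsp, rewrite_link_delay, demo) belong to this example, not to any implementation.

```python
"""RFC 5310 Authentication TLV (HMAC-SHA-256) over an IS-IS LSP: sign it, verify it, and show that
a TE link-delay value rewritten on the link by a party without the key fails verification."""
# Added example, not code from the draft or from this thread; IDs, delay and key are constructed.
import hashlib
import hmac
import struct

AUTH_TLV_TYPE = 10            # RFC 5310 Authentication TLV
AUTH_TYPE_GENERIC_CRYPTO = 3  # auth type code for generic cryptographic authentication
DIGEST_LEN = hashlib.sha256().digest_size
APAD = bytes.fromhex("878FE1F3") * (DIGEST_LEN // 4)   # RFC 5310 Apad fill for the digest field
LSP_HEADER_LEN, PDU_LENGTH_OFF, REMAINING_LIFETIME_OFF, CHECKSUM_OFF = 27, 8, 10, 24  # ISO 10589
EXT_IS_REACH_TLV, LINK_DELAY_SUB_TLV = 22, 33   # RFC 5305 TLV, RFC 7810 Unidirectional Link Delay

def tlv(t, value):
    return struct.pack("!BB", t, len(value)) + value

def link_delay_sub_tlv(delay_us):
    # A bit + 7 reserved bits (all zero here), then a 24-bit delay in microseconds
    return tlv(LINK_DELAY_SUB_TLV, b"\x00" + delay_us.to_bytes(3, "big"))

def extended_is_reach_tlv(neighbor_id, default_metric, sub_tlvs):
    # 7-byte neighbor system ID, 3-byte metric, sub-TLV length, sub-TLVs
    return tlv(EXT_IS_REACH_TLV, neighbor_id + default_metric.to_bytes(3, "big")
               + bytes([len(sub_tlvs)]) + sub_tlvs)

def _iter_tlvs(pdu):
    off = LSP_HEADER_LEN
    while off + 2 <= len(pdu):
        yield pdu[off], off, pdu[off + 1]
        off += 2 + pdu[off + 1]

def _auth_input(pdu, auth_off):
    """PDU as RFC 5310 hashes it: checksum and lifetime zeroed, digest field set to Apad."""
    buf = bytearray(pdu)
    struct.pack_into("!H", buf, CHECKSUM_OFF, 0)
    struct.pack_into("!H", buf, REMAINING_LIFETIME_OFF, 0)
    buf[auth_off + 5:auth_off + 5 + DIGEST_LEN] = APAD   # +5 skips type, len, auth type, key ID
    return bytes(buf)

def sign_lsp(lsp_id, seqno, lifetime, body_tlvs, key, key_id):
    auth = tlv(AUTH_TLV_TYPE, struct.pack("!BH", AUTH_TYPE_GENERIC_CRYPTO, key_id) + APAD)
    # Fixed L2 LSP header (checksum left zero in this example), Authentication TLV first, then body
    pdu = bytearray(struct.pack("!BBBBBBBBHH8sIHB", 0x83, LSP_HEADER_LEN, 1, 0, 0x14, 1, 0, 0,
                                0, lifetime, lsp_id, seqno, 0, 0x03) + auth + body_tlvs)
    struct.pack_into("!H", pdu, PDU_LENGTH_OFF, len(pdu))
    auth_off = LSP_HEADER_LEN
    pdu[auth_off + 5:auth_off + 5 + DIGEST_LEN] = hmac.new(
        key, _auth_input(pdu, auth_off), hashlib.sha256).digest()
    return bytes(pdu)

def verify_lsp(pdu, keys):
    """keys maps Key ID -> shared key. True only if the HMAC over the whole PDU matches."""
    for t, off, length in _iter_tlvs(pdu):
        if t != AUTH_TLV_TYPE:
            continue
        if length != 3 + DIGEST_LEN or off + 2 + length > len(pdu):
            return False
        auth_type, key_id = struct.unpack_from("!BH", pdu, off + 2)
        if auth_type != AUTH_TYPE_GENERIC_CRYPTO or key_id not in keys:
            return False
        expected = hmac.new(keys[key_id], _auth_input(pdu, off), hashlib.sha256).digest()
        return hmac.compare_digest(bytes(pdu[off + 5:off + 5 + DIGEST_LEN]), expected)
    return False   # no Authentication TLV at all: reject when authentication is configured

def _link_delay_offset(pdu):
    """Offset of the 3-byte delay value in the first Unidirectional Link Delay sub-TLV."""
    for t, off, length in _iter_tlvs(pdu):
        if t != EXT_IS_REACH_TLV:
            continue
        sub_off, sub_end = off + 2 + 7 + 3 + 1, off + 2 + length
        while sub_off + 2 <= sub_end:
            if pdu[sub_off] == LINK_DELAY_SUB_TLV:
                return sub_off + 3
            sub_off += 2 + pdu[sub_off + 1]
    raise ValueError("no link delay sub-TLV")

def read_link_delay(pdu):
    return int.from_bytes(pdu[_link_delay_offset(pdu):][:3], "big")

def rewrite_link_delay(pdu, new_delay_us):
    """What an on-link party without the key can do: rewrite the advertised delay in place."""
    buf = bytearray(pdu)
    o = _link_delay_offset(buf)
    buf[o:o + 3] = new_delay_us.to_bytes(3, "big")
    return bytes(buf)

def demo():
    key = b"constructed-sample-key"                # assumption: shared key configured on the link
    lsp_id = bytes.fromhex("0000000000010000")     # 0000.0000.0001, pseudonode 0, fragment 0
    neighbor = bytes.fromhex("00000000000200")     # 0000.0000.0002, pseudonode 0
    body = extended_is_reach_tlv(neighbor, 10, link_delay_sub_tlv(250))
    pdu = sign_lsp(lsp_id, 0x1234, 1199, body, key, 1)
    aged = bytearray(pdu)                          # lifetime changes hop by hop; MAC must still hold
    struct.pack_into("!H", aged, REMAINING_LIFETIME_OFF, 1100)
    forged = rewrite_link_delay(pdu, 5)            # attacker advertises a 5 us link to attract traffic
    return {"genuine": verify_lsp(pdu, {1: key}), "aged": verify_lsp(bytes(aged), {1: key}),
            "forged": verify_lsp(forged, {1: key}), "wrong_key": verify_lsp(pdu, {1: b"other"}),
            "forged_delay": read_link_delay(forged)}
```

demo() returns genuine and aged as True, forged and wrong_key as False, and forged_delay as 5: the rewritten delay is still parseable, but the next hop discards the LSP. Two details matter in practice. Remaining Lifetime is zeroed before hashing because every hop decrements it, so a MAC that covered it would break legitimately flooded LSPs. And verify_lsp rejects an LSP that carries no Authentication TLV at all, which is what makes the mitigation bite once it is configured; whether to configure it at all is, as Les says, the deployment decision.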