Re: [Lsr] [Tsv-art] Tsvart last call review of draft-ietf-lsr-isis-rfc7810bis-03
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 06 December 2018 06:38 UTC
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Thu, 06 Dec 2018 00:38:11 -0600
Message-ID: <CAKKJt-cniOG8jx+=9uwrWzHi221TRd+zy7oxEXR-HkR32zPBQw@mail.gmail.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Cc: nishida@wide.ad.jp, tsv-art@ietf.org, lsr@ietf.org, IETF list <ietf@ietf.org>, draft-ietf-lsr-isis-rfc7810bis.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/zBDsvDZoSuiuxbNXNP4-0Mvc7UM>
Subject: Re: [Lsr] [Tsv-art] Tsvart last call review of draft-ietf-lsr-isis-rfc7810bis-03

Hi, Les,

On Wed, Dec 5, 2018 at 11:08 PM Les Ginsberg (ginsberg) <ginsberg@cisco.com> wrote:

> Spencer –
>
> The choice of whether to use cryptographic authentication or not is a
> deployment decision. It is not the place of this RFC (or any other IGP RFC)
> to require that a customer use authentication of any kind. However, in
> Security sections we do mention that the use of cryptographic
> authentication may well be prudent to avoid risks associated with the
> advertisements which the document is defining.
>
> Make sense?

Sure, and I'm not asking for an https://tools.ietf.org/html/rfc6919#section-1 "MUST (BUT WE KNOW YOU WON'T)" - and this is the second draft on this telechat where I've used that link in my balloting discussion, so You Are Not Alone!

Thanks for helping me understand.

Spencer

> I agree there is an editorial issue.
>
> “mitigation the risk” should be “mitigation of the risk”
>
> I will address that.
>
> Les
>
> *From:* Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
> *Sent:* Wednesday, December 05, 2018 6:41 PM
> *To:* Les Ginsberg (ginsberg) <ginsberg@cisco.com>
> *Cc:* nishida@wide.ad.jp; tsv-art@ietf.org; lsr@ietf.org; IETF list <ietf@ietf.org>; draft-ietf-lsr-isis-rfc7810bis.all@ietf.org
> *Subject:* Re: [Tsv-art] Tsvart last call review of draft-ietf-lsr-isis-rfc7810bis-03
>
> Hi, Les,
>
> On Wed, Dec 5, 2018 at 6:52 PM Les Ginsberg (ginsberg) <ginsberg@cisco.com> wrote:
>
> Yoshi -
>
> Thanx for taking the time to review.
>
> I can appreciate that this may be the first time you have looked at RFC7810 -
> let alone the bis draft. As a result you have commented on content which is
> common to the bis draft and the RFC it is modifying (RFC 7810).
>
> While your questions in isolation may be interesting, I believe they are
> out of scope for the review of the bis draft. What the bis draft is doing
> is addressing two modest errata - details of which can be found in
> https://tools.ietf.org/html/draft-ietf-lsr-isis-rfc7810bis-03#appendix-A
> Comments on content not related to those changes are out of scope.
>
> If you have an interest in this topic and want to comment on the substance
> of RFC 7810 and its companion document for OSPF RFC 7471, I encourage you
> to do so. Note that all of your comments (save the one on Security) are
> also applicable to RFC 7471 - so any agreed upon modification would need to
> be made to both documents. But I do not want to even start discussing such
> changes in the context of reviewing the bis draft changes. I hope you can
> understand why.
>
> As regards your Security comment, I am not sure I understand what you are
> suggesting. As IGP info is flooded hop-by-hop, man-in-the-middle attacks
> have to be able to insert themselves on an IGP enabled link. Use of
> cryptographic authentication prevents untrusted sources from being accepted
> - which is the point being made.
>
> I'm just making sure I understand this last point.
>
> The text Yoshi flagged,
>
> "The use of Link State PDU cryptographic authentication allows mitigation
> the risk of man-in-the-middle attack."
>
> is saying "smart people would use Link State PDU cryptographic
> authentication unless they have a reason to be OK with man-in-the-middle
> attacks", but there's no normative requirement to use this mitigation
> technique.
>
> I think that's what Yoshi was asking about.
>
> Is that the intent?
>
> Thanks,
>
> Spencer
>
> p.s. Is there a missing word after "mitigation"?