Re: [MBONED] Secdir last call review of draft-ietf-mboned-driad-amt-discovery-11

"Holland, Jake" <jholland@akamai.com> Thu, 19 December 2019 06:03 UTC

From: "Holland, Jake" <jholland@akamai.com>
To: "Franke, Daniel" <dafranke@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-mboned-driad-amt-discovery.all@ietf.org" <draft-ietf-mboned-driad-amt-discovery.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "mboned@ietf.org" <mboned@ietf.org>
Date: Thu, 19 Dec 2019 06:03:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/3r-ENSj--9ADlmPUI38ZTGG5Dfw>

Hi Daniel,

Thanks for the review.

I hear and understand the anxiety.  In case it helps any, I'm trying to
address at least some of those concerns in other documents (e.g.
draft-jholland-mboned-cbacc).

I agree it will take some thoughtful configuration and cautious controls
to avoid troubles, but I think there are some networks that can blaze a
useful trail here.

Best,
Jake

On 2019-12-18, 17:50, "Daniel Franke via Datatracker" <noreply@ietf.org> wrote:

Reviewer: Daniel Franke
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

Sorry about the last minute review. This document is Ready. Its very intent
gives me a little bit of anxiety: given the inherent DDoS amplification
potential of any kind of UDP multicast, I tend to consider attempts to expand
its usability beyond the most tightly-controlled and thoughtfully-configured
environments to be ill-advised, but that is something the availability of
auto-configuration protocols like this one will tend to encourage. However,
this is something that clearly still has good uses and its security
considerations section is thorough, which is all I can really ask.
