Re: [MBONED] Benjamin Kaduk's Discuss on draft-ietf-mboned-ieee802-mcast-problems-11: (with DISCUSS and COMMENT)

Michael McBride <michael.mcbride@futurewei.com> Mon, 26 October 2020 21:17 UTC

From: Michael McBride <michael.mcbride@futurewei.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "draft-ietf-mboned-ieee802-mcast-problems@ietf.org" <draft-ietf-mboned-ieee802-mcast-problems@ietf.org>, "evyncke@cisco.com" <evyncke@cisco.com>
CC: "mboned@ietf.org" <mboned@ietf.org>, "mboned-chairs@ietf.org" <mboned-chairs@ietf.org>, The IESG <iesg@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com>
Date: Mon, 26 Oct 2020 21:17:50 +0000
Message-ID: <BYAPR13MB2582770D80DFC5B05CA1928EF4190@BYAPR13MB2582.namprd13.prod.outlook.com>
References: <157852198268.22611.624000399578080107.idtracker@ietfa.amsl.com> <CAMMESsw0=kzd9zV9Z54Rqg7kvPxu=nTAqqkmM+B8jiXu=8k9sw@mail.gmail.com> <20200109164834.GE57294@kduck.mit.edu> <20201026203937.GU39170@kduck.mit.edu>
In-Reply-To: <20201026203937.GU39170@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/-oxhpfcfE8v0pzkh8Pc9GJwQTzU>

Hi Ben,

This -12 addresses Alissa's discuss comments. Once she clears her discuss we will get to the rest of the discuss items, including yours and Roman's, in the next rev. I'll email you directly before posting the new rev to make sure you are good.

Thanks,
mike

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu> 
Sent: Monday, October 26, 2020 1:40 PM
To: draft-ietf-mboned-ieee802-mcast-problems@ietf.org; evyncke@cisco.com
Cc: mboned@ietf.org; mboned-chairs@ietf.org; The IESG <iesg@ietf.org>; Alvaro Retana <aretana.ietf@gmail.com>
Subject: Re: [MBONED] Benjamin Kaduk's Discuss on draft-ietf-mboned-ieee802-mcast-problems-11: (with DISCUSS and COMMENT)

I see that the -12 was posted, but it still refers to the obsolete RFC 4601 (so I can't clear my Discuss yet).

-Ben

On Thu, Jan 09, 2020 at 08:48:34AM -0800, Benjamin Kaduk wrote:
> On Thu, Jan 09, 2020 at 05:51:13AM -0800, Alvaro Retana wrote:
> > On January 8, 2020 at 5:20:00 PM, Benjamin Kaduk via Datatracker wrote:
> > 
> > Hi!
> > 
> > > ----------------------------------------------------------------------
> > > DISCUSS:
> > > ----------------------------------------------------------------------
> > >
> > > Section 9 says that "[RFC4601], for instance, mandates the use of 
> > > IPsec to ensure authentication of the link-local messages in the 
> > > Protocol Independent Multicast - Sparse Mode (PIM-SM) routing 
> > > protocol" but I could not find where such use of IPsec was 
> > > mandated. (I do recognize that a similar statement appears almost 
> > > verbatim in RFC 5796, but RFC
> > > 5796 seems focused on extending PIM-SM to support ESP in addition 
> > > to the AH usage that was the main focus of the RFC 4601 
> > > descriptions, and does not help clarify the RFC 4601 requirements 
> > > for me.) The closest I found was in Section 6.3.1 of RFC 4601: 
> > > "The network administrator defines an SA and SPI that are to be 
> > > used to authenticate all link-local PIM protocol messages (Hello, 
> > > Join/Prune, and Assert) on each link in a PIM domain" but I do not 
> > > think that applies to all usage of PIM-SM. Am I missing something obvious?
> > 
> > It looks like everyone (including me) missed the nit that rfc4601 
> > has been Obsoleted by rfc7761.  One of the changes between the two 
> > is that
> > rfc7761 removed the requirement for authentication using IPSec "due 
> > to lack of sufficient implementation and deployment experience".
> 
> I think Roman did pick up on the obsoletion, but it was buried in the 
> nits at the end of his ballot position.
> 
> As you rightly note, this does supersede my specific objection to this 
> document (though I still would like to know which part of RFC 4601 
> made this requirement, if only to know whether or not to file an 
> erratum on 5796).
> 
> > This is what rfc7761 says about authentication:
> > 
> >    6.3.  Authentication
> > 
> >       This document refers to RFC 5796 [8], which specifies mechanisms to
> >       authenticate PIM-SM link-local messages using the IPsec Encapsulating
> >       Security Payload (ESP) or (optionally) the Authentication Header
> >       (AH).  It also points out that non-link-local PIM-SM messages (i.e.,
> >       Register and Register-Stop messages) can be secured by a normal
> >       unicast IPsec Security Association (SA) between two communicants.
> 
> And that seems like a good treatment of the situation.
> 
> Thanks,
> 
> Ben
>