Re: [mpls] Kathleen Moriarty's No Objection on draft-ietf-mpls-rfc3107bis-02: (with COMMENT)

Eric C Rosen <erosen@juniper.net> Thu, 03 August 2017 14:12 UTC

Return-Path: <erosen@juniper.net>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3A181323C9; Thu, 3 Aug 2017 07:12:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xiiUbPr2xI8E; Thu, 3 Aug 2017 07:12:43 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0092.outbound.protection.outlook.com [104.47.41.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B402B1323C8; Thu, 3 Aug 2017 07:12:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XKfQDZY3/Vmvqi+r7ommxi50sj84bI7+drPHyLknsJY=; b=gjvxde9IXszvVvgaohpPxEj/mKPMrzTLnQwluwwbRZlgWKtxniLzqZqPnH9m+F9fZN4w3jq9bSxmxinjxnO7PHXCRcUXAEZaQRGJ6vU83OvoM08L8LjMgPNVJj7fZDo19IYK2WUhqknxuekevO52wrHwphW3Qm7NtDwdRKpOjWY=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=erosen@juniper.net;
Received: from [172.29.36.32] (66.129.241.14) by BY2PR05MB2181.namprd05.prod.outlook.com (10.166.112.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1320.10; Thu, 3 Aug 2017 14:12:39 +0000
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-mpls-rfc3107bis@ietf.org, Loa Andersson <loa@pi.nu>, mpls-chairs@ietf.org, mpls@ietf.org
References: <150169913913.5791.5598424201108583393.idtracker@ietfa.amsl.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <80f840d5-8821-a6bb-41f5-8d4ffac3bda4@juniper.net>
Date: Thu, 03 Aug 2017 10:12:35 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <150169913913.5791.5598424201108583393.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: [66.129.241.14]
X-ClientProxiedBy: MWHPR09CA0028.namprd09.prod.outlook.com (10.173.46.142) To BY2PR05MB2181.namprd05.prod.outlook.com (10.166.112.9)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 59c2af5d-5660-4cd1-6653-08d4da79b3f7
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BY2PR05MB2181;
X-Microsoft-Exchange-Diagnostics: 1; BY2PR05MB2181; 3:gQSN+bpIyq+1VfU1doGcwnV+zLNTmbRqj2rgExWgDTQv/aQ7zGuV9VjCp9+4VWKyFV2SLLkHhG7FRNJagwst7o0Q5M1FODgh39zjoUi8PDcf0dKf6CgXRdeV9YKMgNVKGKaHNXdcrsmQNmDItKcVL3MHywIhPxfMdwAXVQue1KfX1Y3N7KriOIX4JQJqsaed7iLqGWMm/pMjSThAV8PNfKpzRcu2hgRn+Pt3rwLTU71oXc8YIGySHMuLbi3VNLDU; 25:arWQvVB0ARk5dUAPPTZ+oHaoRhsNMb2YZSzBLZJwt4xIoQ4PtgTUwy1pOI7lRlA3PlYeVWeMiwOBEqPMsZ7qrwCLQ3F0bF7fHnEbpYmEoeiYWUyxBOIe/d9DB3wzKBElhfMf/XjrPsm96uxKatbUHDmxl/9AHwow1p/34WQo7WBvVtQVPzOvg3HcHJ8ZW2cS8cRkHHUIMHX3KPWT4nTz5XhpZnQHlHAea4oq6L4AJrVzLYD3kdJix96xuvX2LvWhDx9nL+c8Mp+uclgX14InNh2Vzr0GFDFbn5QI0+JSYhdkgIneihNPW1Aap96t9gcIMKE1tkzeCriR2Oj6N2aecg==; 31:EuiYIlSYWZ189akwmwCpq/JuSDoLMMR9URQivOzZeNXnAz9Y+AIzQJbgStHd1OJwnI2b9uSa4wzgXr4r8FQ2EDu+rRu3RwmS1tfvxi/kXVABFQG6BHO8/ebUcMVMwEZ1AWRRUFF7DT5U03zYyi4Z51V3jTsM1NjGZdX9Kuem1BNEQBQ/foeXMv2r1wUd967aGkajGtY1TuG5JBdi50/flqIjRNRqnRaRn7ZeXK3Ct6A=
X-MS-TrafficTypeDiagnostic: BY2PR05MB2181:
X-Microsoft-Exchange-Diagnostics: 1; BY2PR05MB2181; 20:znH7r8/XU72EFZU4/8gt77YKurhilMwGicx3VTOO4Gn2yqDiUckQk1IpudsYoyVFKqYh0WhZYRJ9aI67WW0rnGKErsQHKNd6GNVYa4XKk9vu0VoQIB1v65T9Tm7LZl+CWk+ypNOrcbSrPY8Uf/X0wkVDIyA/RqLSAMZNWNKCnN7Ib3K8kWE7SivIwTXz+RITn9XqFl0jZwwwLTaOhDF1UEFNS5TGLY+DZ0sXueGrJqiBgwtwk3hN8h55uLQ8t5R+obDmg+1+O5jxshmFKfyCYHYyivX0Srfxdpks1aO/D1qsI8WDXlBlQpQ8K8OB9lgF1zISU8xBcaLj9+rhgh0YUxyVuNhS/V4aIzcChUR5PlInwP4l45Uvz802mUW8MRgm70GaMK6sSAjm/OjNj3z+A+gMyoITfQ/bDVCqzg9A2HpF891ZA1cnRHQ2MHvYhaGlpW54VQXdgcpBTYnl0AUnUVGP7DHGTk7kPD0nhwU80352L0BhDmnE5coSVJPWSeUhp6p3I6LJaPVm4JPc1Ss2fB29jMoxBpUQDb2c0GDg3NpQZS0YmKPEIjNuAwrBgeIdy5p60t5SHxRlPvNvG6SanGdLjKUxnTjprdy8Mh5RklU=
X-Exchange-Antispam-Report-Test: UriScan:(120809045254105)(192374486261705);
X-Microsoft-Antispam-PRVS: <BY2PR05MB218139F5598D9F264F61023BD4B10@BY2PR05MB2181.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BY2PR05MB2181; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BY2PR05MB2181;
X-Microsoft-Exchange-Diagnostics: 1; BY2PR05MB2181; 4:f7jvecUFBayIgFp3gllR7okBBXGh6aNL1hBUbKlMdLmg0CTzHuDZ+o8dRoxPUpVnOQXxF0xYMMk4sxgblBfRAEpmF8Pj1PqzrByItG0xb9yrtl/cMOBwRNoWrbkM17U1zuyiU9Ms27GfFAbz7S8rEVj0RS8de0I+j+Lyjb+eWNMfCy9mujRcgrgnXWPxfJKe8pfdQQrsFRwPeXct6jI45lnwdzLT+/R7aB/zXi9avLB6YAECXzkhxx/SvPNmfC188meibPBzVUE5FEkkto2CaibGpYnmoAcrUfIKTw0bStjs9e2UgXORv+mR2s4UMi9+V5T/KV8A1kuoou6NtNTOdA==
X-Forefront-PRVS: 03883BD916
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(7370300001)(4630300001)(6049001)(6009001)(39840400002)(39450400003)(39400400002)(39860400002)(39850400002)(39410400002)(24454002)(377454003)(199003)(189002)(42186005)(23676002)(7350300001)(33646002)(66066001)(76176999)(65806001)(47776003)(65956001)(230783001)(50986999)(54356999)(106356001)(3260700006)(5660300001)(81166006)(65826007)(81156014)(2906002)(6116002)(3846002)(101416001)(966005)(8676002)(25786009)(105586002)(53546010)(4001350100001)(7736002)(68736007)(90366009)(6486002)(4326008)(305945005)(77096006)(478600001)(229853002)(6666003)(53936002)(6306002)(2950100002)(31686004)(50466002)(230700001)(97736004)(83506001)(64126003)(38730400002)(189998001)(6246003)(31696002)(36756003)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR05MB2181; H:[172.29.36.32]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;BY2PR05MB2181;23:DUj4DeUsMNp2Xf81ad5wKf4GB73dAKCqk0mbVhEXTYl/dAHl2YEMEEOCjqinWznysx5c88hUIghZZU4p+DTZbBC80S2BpXLucuPw3YmdP0tbMu0iWH/IVg2GZhOU+2pxdvFtiiUw/uAmvmOhRkWf+JgAzt/pZaIGnlyNJa+Fluo3KLe8rlikAy78LFAwMy7TWjmKECCwyWIuH7wodXLJ/HwjG8tf3KW/8TQpAOtLoyhymobcgzSuWXhajw/aAz/kQa10hkgCsKir85cSsmzWQhJi2G74/QYrF3Q8BPgQX9PeEtk4UD7AzEDsyJnY2F7yWMwvt+EMl4RExtJsObmg4ppABsYGu5vAXzI+AqSQxZg+9NG13vYoiHG8bhHeXx7AAxXqJQw9wb5bqOJWRZUP8UBHRvwMutv9iwJ0a6JqhPslLkc/qfIdDc3mtKbf6l4+/ZvDGsiVSZyVZWvRXgmwQbqpZdLoVTpKxJfKzrHvVGpRy93IaW0BBYOxP2VfcsGY/jGOHHyC0F2IYGNCz0A8VuVk9+Lj08l+KYmXIBbyWoO9F5tOyAlatv+CPOLNuuPixdMM1vD5oVXJ8zg1YmZz1MNh+IRLZgABnV8EjGt7LtNf1PmZdIoYLLFEcRSL1lbYk9xyccuF+XcVBLZPzIYD3BCB6iGUxTx/juDr25ucYpSd3iTA6jQZoPDSwv6otVnjexXYr/4mKe6KwmFHjO+AWiQHYGzleeSnIVbkzjZy6CKKs19O5BdCL8ID4T0Zl5+KRX7CQvamP4tr0YE/mrjMKSd1DkP6mO5p28oZSyx7i12ISFQju2/Hm6hHz4sq/tpoNlUwYLmSb9aEJyPzuBM0ZV4Iq6PRXbMyRmTtFKpbdkEDOAMXVGwTkuG4g8VyGEodU8XeeEx4DJZ7lAbRmcaYya9dz8LpVmSgVBOwn4HKL7Zad5CrG0dZeyY2DCvlIcI6VYV3cywZxjkOfex0UCWtFHd81bGrMpIPxBH7eIoug7s0/Tu/CDxTjyO4BTsb7rLMCEFy8v84wS5D4hXpm5Y2ttWynoAA4laa1fJsNFCtC009oYmrg9Imm81MF8LgaijiYF/FOCpLcw7BS2BLlkP8J4hxRIqlL1mKO77XmCiCnKxBODLJwQyMDTY+YQ7dv+VwnDJrsFpB/wq2cGjadx2qbnbj+yPnvXWALwERHZI4ruuhJPnk2FRiNqdMKTY4Jem8mAXiQ4xc1V02zb7Y8yMKZSJqY5ZE+rYLR0w8he8wMoSLH99+zyMuV2VQevOBlMkkPJEBR92ycIsYzAQg0nPJRy5McNqLfDXSKPSf6Id9JcLsUjhiPj5hWqYoefhykxWL1cZJy3To6XC324P1BDm5TRHOl0b1/Ff+FND3suvD415igm/HpCmiMo+/3w4j/n3iEAjSaI54NIudZBJI6VbHWXnUPBW/n5lK/SHTvQnC6p8kTzWfXy4x7DX23AKys/O72i2vuDARDH4Xjjlit/nILR+Y4mk+3tP5brLy818sAZUbqi6THhyAEPvxlrRlbSgisBQ2YI6DsTBFSOzop7p6bfV83UpCB8huxilXjwNEyNBOdyibsASBafakcimILLT1HWlcQPopDbJMY9wbQH7zqg==
X-Microsoft-Exchange-Diagnostics: 1; BY2PR05MB2181; 6:Dcprt9cCQgVCMDoUrLqNtxodQNyF+TBHUThND422lCzYq3LKNuzP95vSgLLjM7gQiKjSIb4I5TidzEuzKYyTXaM/peQ5mQjm73QSg6vKe4veIesyUWF2M82oPncDqgCZvcgjLqhbPtlrinFVTDFKrDUhoH1b5NLLLz8Y30EyyYzCBek+E1VqRoPBBBQDomkGtO2Cg8UO70TUWgTxO9+FcnsQj68Zb13Mms0Gda/03iWmw0tFtPIIRuzEPfOOPG0LC8R2mqVQBIBR2I2VYuCHoZMKYBQNSGwENbFD3j1bh2toC3r5+818+Z7O3BFxzvi0kUEiuWoZyfMXFnAV0hJb4g==; 5:g4zjKOPhXfrN5EyQUjcNvjsElZM6ofXqbhEPL7BX7l1boJQF15KKEv9odkgIE3+O3XeUd3TtmQ07qq++dtzgn0dyAC8uP/iBd+0DCrxljTdzAgVqymg6LXpo9V7ZKvAfh5IAoyDnf/lMZk+PwZBvXg==; 24:y3g6O2OQBkK+eiUerj/UVeWDxj/h/3Fj3vYYYMCc/85Aq5nooUsEaFynE6OhDU36CALUfe+vW2Db4vTnGwDA4ezqdJh3weN7X6djEedPi68=; 7:aFXPhMONspdi59gCZ94TCR/I0KBkSRhVl1uWoVzNs01clhZgxkZsIZxZYhe8gamn9173x3mKs8l2+Mx447thQ9fq2jSwPzwIWqArt0q4hYKyxtC/x+G8kdM5sp0piXe4jqZtUudDIZKMLWmwvh7SKS3jSHf+GCJlchb7XgAbyo0j5S8i5TwHnoNtAc5roB+7ZK9RB19BKqYBLdxsxATiuAh+BHnG7dzHieruJQbjfcc=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2017 14:12:39.7096 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR05MB2181
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/PfUuJ5WcFIc7zVyfpONHiiYopHE>
Subject: Re: [mpls] Kathleen Moriarty's No Objection on draft-ietf-mpls-rfc3107bis-02: (with COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 14:12:45 -0000

I've modified the Security Considerations section (in the next rev, -03) 
to contain the following paragraph:

-----------

    If a particular tunnel encapsulation does not provide integrity and
    authentication, it is possible that a data packet's label stack can
    be modified, through error or malfeasance, while the packet is in
    flight.  This can result in misdelivery of the packet.  It should be
    noted that the tunnel encapsulation (MPLS) most commonly used in
    deployments of this specification does not provide integrity or
    authentication; neither do the other tunnel encapsulations mentioned
    in Section 4.
--------------

I think this addresses your comment.


On 8/2/2017 2:38 PM, Kathleen Moriarty wrote:
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-mpls-rfc3107bis-02: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-mpls-rfc3107bis/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> The security considerations section should at least mention that none of the
> tunnel methods provide encryption or authentication of those mentioned earlier
> in the document (Section 4: LSP, IP, GRE, & UDP).  Although this isn't listed
> as a discuss, I'd appreciate the comment being addressed with an update to the
> text (1-2 sentences at most).  Thank you.
>
>