Re: [OPSAWG] Alissa Cooper's No Objection on draft-ietf-opsawg-ipfix-bgp-community-11: (with COMMENT)
"Dongjie (Jimmy)" <jie.dong@huawei.com> Thu, 06 December 2018 09:39 UTC
Return-Path: <jie.dong@huawei.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D407131127; Thu, 6 Dec 2018 01:39:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bUeejQc-IQcf; Thu, 6 Dec 2018 01:39:17 -0800 (PST)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73E8E131123; Thu, 6 Dec 2018 01:39:17 -0800 (PST)
Received: from lhreml705-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 0A8C6ED61B4D7; Thu, 6 Dec 2018 09:39:14 +0000 (GMT)
Received: from NKGEML413-HUB.china.huawei.com (10.98.56.74) by lhreml705-cah.china.huawei.com (10.201.108.46) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 6 Dec 2018 09:39:15 +0000
Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by NKGEML413-HUB.china.huawei.com ([10.98.56.74]) with mapi id 14.03.0415.000; Thu, 6 Dec 2018 17:39:00 +0800
From: "Dongjie (Jimmy)" <jie.dong@huawei.com>
To: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-ipfix-bgp-community@ietf.org" <draft-ietf-opsawg-ipfix-bgp-community@ietf.org>, Tianran Zhou <zhoutianran@huawei.com>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, Tianran Zhou <zhoutianran@huawei.com>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: Alissa Cooper's No Objection on draft-ietf-opsawg-ipfix-bgp-community-11: (with COMMENT)
Thread-Index: AQHUjEFeF7+gv/o5k0mhl6XrYMbPL6VxWbKw
Date: Thu, 06 Dec 2018 09:38:59 +0000
Message-ID: <76CD132C3ADEF848BD84D028D243C927C2EC8588@NKGEML515-MBX.china.huawei.com>
References: <154397654074.5045.11078918410418546951.idtracker@ietfa.amsl.com>
In-Reply-To: <154397654074.5045.11078918410418546951.idtracker@ietfa.amsl.com>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.130.151.75]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/GIGtQSN0GrNl6nXZR0Op4dc89RQ>
Subject: Re: [OPSAWG] Alissa Cooper's No Objection on draft-ietf-opsawg-ipfix-bgp-community-11: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 09:39:22 -0000
Hi Alissa, Thanks for your review and comments. We will correct the improper normative language in section 7 in next version. As for the security considerations, we will discuss among coauthors and come back to you. Best regards, Jie > -----Original Message----- > From: Alissa Cooper [mailto:alissa@cooperw.in] > Sent: Wednesday, December 05, 2018 10:22 AM > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-opsawg-ipfix-bgp-community@ietf.org; Tianran Zhou > <zhoutianran@huawei.com>; opsawg-chairs@ietf.org; Tianran Zhou > <zhoutianran@huawei.com>; opsawg@ietf.org > Subject: Alissa Cooper's No Objection on > draft-ietf-opsawg-ipfix-bgp-community-11: (with COMMENT) > > Alissa Cooper has entered the following ballot position for > draft-ietf-opsawg-ipfix-bgp-community-11: No Objection > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-opsawg-ipfix-bgp-community/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 7: > > "BGP speakers that support the extended message SHOULD be careful to > export the BGP communities in the IPFIX message properly, so that > they only convey as many communities as possible in the IPFIX > message. The Collector which receives an IPFIX message with maximum > length and BGP communities contained in its data set SHOULD be aware > that the BGP communities may be truncated due to limited message > space." > > This uses normative language improperly. "SHOULD be careful" and "SHOULD > be aware" are not actionable by implementations. It seems like in the first case > this is trying to convey something more like "SHOULD only convey as many > communities as possible without exceeding the 65536-byte limit of an IPFIX > message." The second one seems like it should not be a normative > recommendation. > > Section 8: > > "This document itself does not directly introduce any new security issues." > > I question whether this is true. The motivation for the document describes the > use of BGP communities in IPFIX as inputs to, e.g., traffic optimization > applications. Given that there are known problems associated with the > integrity and authenticity of BGP communities (e.g., [1]), couldn't the > propagation of false BGP communities to these other applications cause the > applications to misbehave in ways above and beyond whatever damage the > false communities do to the operation of BGP itself? > > [1] > https://datatracker.ietf.org/meeting/103/materials/slides-103-grow-bgp-com > munities-spread-their-wings-01 >
- [OPSAWG] Alissa Cooper's No Objection on draft-ie… Alissa Cooper
- Re: [OPSAWG] Alissa Cooper's No Objection on draf… Dongjie (Jimmy)