Re: [OPSAWG] WG LC for draft-ietf-opsawg-sdi-02

tom petch <ietfc@btconnect.com> Thu, 13 February 2020 09:50 UTC

From: tom petch <ietfc@btconnect.com>
To: Warren Kumari <warren@kumari.net>, "Joe Clarke (jclarke)" <jclarke@cisco.com>
CC: opsawg <opsawg@ietf.org>, "draft-ietf-opsawg-sdi@ietf.org" <draft-ietf-opsawg-sdi@ietf.org>
Date: Thu, 13 Feb 2020 09:50:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/VwJJ9kCp7SmnT_mhTeVmx0NeXN0>

A second separate concern I have about this I-D is the Security Considerations which seem to me to be weak.  I would expect more about the hazards of key pairs, keeping the private private, who is the TA for the chain, who generated the key pair and how.

I see a lot of private certificates and key pairs these days driven by the requirements of PC to connect to networks and suspect that there is a disaster there waiting to happen because the risks are not understood and believe that what is being recommended here may fall in the same category.

Tom Petch

________________________________________
From: OPSAWG <opsawg-bounces@ietf.org> on behalf of Warren Kumari <warren@kumari.net>
Sent: 09 February 2020 21:49
To: Joe Clarke (jclarke)
Cc: opsawg; draft-ietf-opsawg-sdi@ietf.org
Subject: Re: [OPSAWG] WG LC for draft-ietf-opsawg-sdi-02

Dear OpsAWG,

As there has been no feedback, I have to assume that you think that
this document is **absolutely** perfect, and contains nothing unclear,
inaccurate or confusing. Frankly, this surprises me - I'd thought that
the bit about the penguins was somewhat vague...

W
(Yes, this is just a thinly veiled attempt to try and get more review
and feedback :-))



On Tue, Feb 4, 2020 at 12:41 PM Joe Clarke (jclarke) <jclarke@cisco.com> wrote:
>
> With the publication of -02 of this draft, it seems to have reached stability.  There has been interest in both usage and implementation of this draft expressed in the past, but discussion has been quiet lately.
>
> This email serves as a two-week start of a WG LC for this document.  Please [re-]read this draft and comment on its content as well as whether or not you feel it’s ready.  WG LC will conclude on February 18, 2020.
>
> Authors and contributors, please reply on-list as to whether or not you are aware of any intellectual property attributed to this work.  Reply that either you are not aware of any such IP, or reply with the details of known IP while also making sure you complete any IPR disclosures in data tracker.
>
> Joe and Tianran



--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
