Re: [OPSEC] Martin Vigoureux's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 21 August 2019 23:40 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1813120043; Wed, 21 Aug 2019 16:40:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4sIRdUUd5bBb; Wed, 21 Aug 2019 16:40:36 -0700 (PDT)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on2107.outbound.protection.outlook.com [40.107.91.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA7EC120024; Wed, 21 Aug 2019 16:40:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WqFWVphFHSCyf6gSSTUpMuoI1AoeapymhsKXhBLVSkWreTRufeKQgokvy0yw/sOBOC+Hi3EOHoWlfZ8PULhDNzDUEY2fr0rzDmtY0e1JpGChvk4tbOTU5SgJmN23FHFVbfqqMqC8ZowIl/tqohmst31jShLHttG8loX9D30sp0n7bBESOjjbzz0MraYJVtIDjAN7j31HhXM0JIraaWZHPToq+z0kujfJuWaeELf5Vxr+HGaUC2fV6vU2bYxrWRWDvujkbk0MIpxDtdn1vq7/X8vmb3bR2pBuCYe89iXEKaxxrL5kylR2vKiINqvAqwJ+Ze7652T22NGSfyDtIzy3MA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nl2LwX/vi4Qj01lLlMEad8GGNxdZxAaSfcyjRDwO8rc=; b=iINjh8ksWA+l42ZDi1nGSjPIR5aULEfoCqyP/grpOH8GFCX7DvuRhEi5ocbLrmmyJDVBcmRgw1ZKfIgksFB5iDMEVP+HKtTac30cSj6BsjdqrohUgr982/GDTVDGJ+UvhJTn0n5VT42hbf8mhjbFlkPeOj/68a1dHhPXul3wYtuSdtIaz0ozrJx9TEDTqQQX48cxdQU6uKLMwQ7YCdtUxyCLxmjgjzQflflD9ozb5Fpe4+MwokCqVCfxzzWFOY6m07j/Bx8Ck8LU74PERKiECW7h8aRc1C1wFcP6IawvtgRhy9BmzW1ZxsvKYbL1nJfFQcQjGbBggmSFKtnPa+AFtg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nl2LwX/vi4Qj01lLlMEad8GGNxdZxAaSfcyjRDwO8rc=; b=e5fatTFPMW1R4BMKZBIExX4WXN0VRkpx4M4Bp2bu6anpKcKwluqL791dgckLSMsOMreIcJjIQYcpvnq2kLI6Ds2eCwha7c0nbuvFd9AmS6Z0oFhwHeiwforK5MJaSrwodTYhmwW9nVesX1Y9FR9JdwWhmexEjMU6YP7GUmofWlk=
Received: from DM6PR09MB3019.namprd09.prod.outlook.com (20.178.2.203) by DM6PR09MB3033.namprd09.prod.outlook.com (20.178.2.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Wed, 21 Aug 2019 23:40:34 +0000
Received: from DM6PR09MB3019.namprd09.prod.outlook.com ([fe80::fc5a:9648:8e8f:7968]) by DM6PR09MB3019.namprd09.prod.outlook.com ([fe80::fc5a:9648:8e8f:7968%6]) with mapi id 15.20.2178.018; Wed, 21 Aug 2019 23:40:34 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: The IESG <iesg@ietf.org>, Martin Vigoureux <martin.vigoureux@nokia.com>
CC: "draft-ietf-opsec-urpf-improvements@ietf.org" <draft-ietf-opsec-urpf-improvements@ietf.org>, Sandra Murphy <sandy@tislabs.com>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, Sandra Murphy <sandy@tislabs.com>, "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: Martin Vigoureux's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)
Thread-Index: AQHVWAkIpkNS4V1DFUyPU5OC8U8QIacGPxOX
Date: Wed, 21 Aug 2019 23:40:33 +0000
Message-ID: <DM6PR09MB30190309521CB5A4EB99920A84AA0@DM6PR09MB3019.namprd09.prod.outlook.com>
References: <156638238422.25801.5282209588346224957.idtracker@ietfa.amsl.com>
In-Reply-To: <156638238422.25801.5282209588346224957.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.220.124]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: feef63a4-f4ec-4ca5-80ec-08d72690f60a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DM6PR09MB3033;
x-ms-traffictypediagnostic: DM6PR09MB3033:
x-microsoft-antispam-prvs: <DM6PR09MB3033D0982C7511BB07D76DBC84AA0@DM6PR09MB3033.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0136C1DDA4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(376002)(346002)(396003)(136003)(39850400004)(189003)(199004)(446003)(81166006)(76176011)(66066001)(99286004)(7696005)(316002)(110136005)(54906003)(14454004)(6506007)(3846002)(6116002)(2906002)(478600001)(102836004)(305945005)(55016002)(9686003)(74316002)(6436002)(53936002)(71190400001)(91956017)(52536014)(76116006)(66476007)(66556008)(64756008)(66446008)(66946007)(14444005)(86362001)(33656002)(256004)(8936002)(7736002)(5660300002)(71200400001)(6246003)(476003)(8676002)(81156014)(4326008)(486006)(229853002)(26005)(66574012)(186003)(25786009)(11346002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR09MB3033; H:DM6PR09MB3019.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: uR8EyDyPNahJ9bK1GJwL8/eA9gF94JPhWcvIJVvO5cP8BBcoEhL7XYbE31+UaGrxEofNsSDd2cM9ftG+474hW74r+kukogiBhzxTI0rkjeQ143mE6iWy628p5uZfNSJoSQgJ5CdFnCA27Gyje1EEpXTBKqplr7AWSO6ipDOm6t1xnAL7aYSk+cc/lpsRz067yhiCuizeWjU3He4FmzgrbYwSCD93JU9U32EduWxGrING6g2IXi96HagajWQnN2HaXWu2ATFrF2qMqoNPpd+XeA2GfQGhuLSpd3pIjdQ+XWd4PvfWiQqUWUZyuQnFmsmgYHq3ct4LBIHz/hTy31ypeYqCBRTOcIYTN+47qLtX2nRKY7aLCxpekxtaa0Oms20ZKeu4MW2+YRwrOqTJmyXgwYL3Twho3hpiv5qHA3Ln5qc=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: feef63a4-f4ec-4ca5-80ec-08d72690f60a
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Aug 2019 23:40:34.0054 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: LAroPf9iVgsGNRwyPv+imygwaltKy+cBCGZgOdwDovdFb+WfAp/lZz0dzsSGvRYHom7hH28ACQnwAwynJ/Ro5A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR09MB3033
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/0mXItldcLxRcmC738pvOBen2uZk>
Subject: Re: [OPSEC] Martin Vigoureux's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2019 23:40:38 -0000
Martin, Thank you for your comments. My responses marked with "[KS:]" below. ________________________________________ From: Martin Vigoureux via Datatracker <noreply@ietf.org> Sent: Wednesday, August 21, 2019 6:13 AM ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Ingress/egress Access Control Lists (ACLs) are maintained which list acceptable (or alternatively, unacceptable) prefixes for the source addresses in the incoming/outgoing Internet Protocol (IP) packets. the beginning of that sentence is a bit hard to parse, but maybe it's just for me. [KS:] The sentence now reads: Ingress/egress Access Control Lists (ACLs) are maintained to list acceptable (or alternatively, unacceptable) prefixes for the source addresses in the incoming/outgoing Internet Protocol (IP) packets. This was based on Roman's suggestion (s/which/to/). Any packet with a source address that does not match the filter is dropped. well, that really depend on the match criteria. If the list is of unacceptable addresses and you don't match on these, then you should forward the packet. [KS:] The sentence now reads: Any packet with a source address that fails the filtering criterion is dropped. Adj-RIB-Ins did you mean Adj-RIBs-In? [KS:] Yes, corrected. Figures 1 and 2 claim that EFP-uRPF works best but it has still not been described at that stage so it is a bit difficult to understand that claim. [KS:] We do refer back to those figures later again after EFP-uRPF is described. It seemed that was better than repeat the figures twice just to later add 'EFP-uRPF works best' in the second incarnation! We hope the reader will understand. Sriram
- [OPSEC] Martin Vigoureux's No Objection on draft-… Martin Vigoureux via Datatracker
- Re: [OPSEC] Martin Vigoureux's No Objection on dr… Sriram, Kotikalapudi (Fed)