Re: [OPSEC] Éric Vyncke's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Sat, 31 August 2019 19:57 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE239120105; Sat, 31 Aug 2019 12:57:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SgjLMgS3KaWm; Sat, 31 Aug 2019 12:57:48 -0700 (PDT)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on2107.outbound.protection.outlook.com [40.107.91.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B92D12008F; Sat, 31 Aug 2019 12:57:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ns2JMb9vj23XtnQTI6mmAcZrwgDp6hCojNJ88t+zsEfs44VeSphbKSEn4/7dmNLMq3uWS2mokCD6o5zPSCsPieU8Ts/OOWwu3Vc1Dd09Xj/tL22XUM1WZ8WopVFcFm53VKGjye6ZbWwDIlH5JLONb5xu4CB2GtD8HRiveCEurDLMwSjrIlY82z88MCGO8oXhKi2XJn+nX7Z6aVr3XcVI+SYfx+PDrVLx1AOakhg3DoDjnhAklpffeVg37uGq9Gx4jtcZUXpYx7AU3333xDrmAqQrb7ANh6hdZeMuEczMjt9wEnIurS+zRUDXnfi9VZE5wCmBDP7D0iR5ODFQTSH8BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=f4B4HqlFpgbJFclnN1NfdJ4KzIjddg7/ewjpupTy6Us=; b=c8za++W1/OiedzrMtZUCdK8XHm6xNsNiLrI2FiGfO+YvcgMSuTQK7e/l/UGZpKQRFItsiSA/u3lDKm0Zo2sJWot69Wfqe8Xv6k/QxEXUew2Ldn48R+YDiFvuoMw4cUWz8PQGcXvZfxfQaetGc5k70C24ZUtGeF/eLXDX2ple+zE4cXm2F3Yl2N772ifSE6ACTdx8n9L9lwoIJm7dfZZYhhPJhprmhcygcmkqwPoC9mi226bR0qM8u9AFfj4/AqiCTkyHN05jzQN/wbUy+m+PlegLOMMz039c1GsUrA35piFK3DTGeALlLrIkOI+4TGhFuW7UB573UjtP9k7CU8XKKQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=f4B4HqlFpgbJFclnN1NfdJ4KzIjddg7/ewjpupTy6Us=; b=iClF1j/oQIQ2X0+UTPvtlsLpxuDM0jybVJrrsPkzt7mKUK8M+hc0dgDEqlNe23Fpd8jRoZ+li9QLP2cmR35MVZ0xO3E+riRihXv8OTcMNlxrrMTDywqNTIgTMDE6JPoPt2O7E11S+OZgv+Rbl+jV78/ZAZ2bm4HfktGalH7NPpI=
Received: from BL0PR0901MB4563.namprd09.prod.outlook.com (52.135.47.206) by BL0PR0901MB3154.namprd09.prod.outlook.com (20.177.242.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2199.21; Sat, 31 Aug 2019 19:43:22 +0000
Received: from BL0PR0901MB4563.namprd09.prod.outlook.com ([fe80::b532:35b9:abd0:ee7e]) by BL0PR0901MB4563.namprd09.prod.outlook.com ([fe80::b532:35b9:abd0:ee7e%4]) with mapi id 15.20.2220.013; Sat, 31 Aug 2019 19:43:22 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsec-urpf-improvements@ietf.org" <draft-ietf-opsec-urpf-improvements@ietf.org>, Sandra Murphy <sandy@tislabs.com>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, Warren Kumari <warren@kumari.net>
Thread-Topic: =?utf-8?B?w4lyaWMgVnluY2tlJ3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtb3Bz?= =?utf-8?Q?ec-urpf-improvements-03:_(with_COMMENT)?=
Thread-Index: AQHVWCw3l+JDCHp1g06ot+mqkOpTCacUtlWAgABIcACAALQ10Q==
Date: Sat, 31 Aug 2019 19:43:22 +0000
Message-ID: <BL0PR0901MB4563681990845C9C8871A31184BC0@BL0PR0901MB4563.namprd09.prod.outlook.com>
References: <156639747640.25777.13888707111707970209.idtracker@ietfa.amsl.com> <BL0PR0901MB45633C640D1CFE014305500584BC0@BL0PR0901MB4563.namprd09.prod.outlook.com>, <26A374AE-5476-415C-B736-D1A08EA40B05@cisco.com>
In-Reply-To: <26A374AE-5476-415C-B736-D1A08EA40B05@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.220.76]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8266ed40-6d5d-4d93-e933-08d72e4b7b46
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BL0PR0901MB3154;
x-ms-traffictypediagnostic: BL0PR0901MB3154:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <BL0PR0901MB31547323157C9716812F9DDB84BC0@BL0PR0901MB3154.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 014617085B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(376002)(346002)(39850400004)(366004)(396003)(189003)(199004)(14454004)(45080400002)(4326008)(53546011)(86362001)(55016002)(6506007)(6306002)(224303003)(102836004)(26005)(186003)(81156014)(5660300002)(316002)(52536014)(7736002)(76176011)(81166006)(9686003)(7696005)(25786009)(71200400001)(71190400001)(229853002)(76116006)(53936002)(66946007)(476003)(66476007)(74316002)(966005)(478600001)(66446008)(54906003)(8936002)(99286004)(64756008)(486006)(66556008)(2906002)(3846002)(6116002)(6246003)(256004)(446003)(6436002)(66066001)(110136005)(305945005)(33656002)(11346002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR0901MB3154; H:BL0PR0901MB4563.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: aAft6uGd1AscBu8Z/7WwPfJ3DwHjglpgLKhtuKb/ooUgxPZVqDrkiTNWRUU2QyL7KHgCdBy0YxrJtVpOt5zqFpFJNw4XcFsPi7eIj16KWjTKKgSc6QDnvaOpx9usFMlVyQrJkHOY+qbFqwU28spCGtY9aOSl+oNL5KnjxIeC6rk29TT2pLDpprinSM/0NyhfnZ7w7wQoK2DRUiKhKY/F654xK0Cxdbghbd9tFiYVTyZgeDWMbFWRd6rjH0fmbi0AmEFlFvpkMFrmhFygBQt4h4W42vAMf/jHJGPuo7sXGv5SfNLj8ljO5ZGZXqpbnHvC9l3hm2/JSAJaMN3jV23K1ylPg8wLYm2W1QTuip2Px8tBE/nWbD1xiwP79K4hxYVksQTFstuRLWaJ2lPzd2z2HfMDpXyZ7/ARy3xJr99DCt4=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 8266ed40-6d5d-4d93-e933-08d72e4b7b46
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Aug 2019 19:43:22.1013 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: F9ymmk4ptnDCJ61MiJelchCsAJlQbPbdJWbCcDkJ0ghWFoja5FxtMvPxRw4yTcbE7g+w60tjw/AV1rz+54RTdg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR0901MB3154
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/yCd8nX5Umxg0CosxoVgWAj86Va4>
Subject: Re: [OPSEC] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-iet?= =?utf-8?q?f-opsec-urpf-improvements-03=3A_=28with_COMMENT=29?=
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Aug 2019 19:57:51 -0000

>Just a minor nit: in the terminology section, P2C and C2P are in uppercase but p2p is in lower case. This can be fixed later at the AUTH48 stage 

The p in p2p (peer-to-peer) is lower case on purpose.
We have upper case P for Provider.
So we use lower case p in p2p where neither is provider (in the mutual relationship), 
instead the two ASes are lateral peers to each other. 

Sriram 
________________________________________
From: Eric Vyncke (evyncke) <evyncke@cisco.com>
Sent: Saturday, August 31, 2019 2:39 AM
To: Sriram, Kotikalapudi (Fed); The IESG
Cc: draft-ietf-opsec-urpf-improvements@ietf.org; Sandra Murphy; opsec-chairs@ietf.org; opsec@ietf.org; Warren Kumari
Subject: Re: Éric Vyncke's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)

Thank you Sriram for the updated document.

Just a minor nit: in the terminology section, P2C and C2P are in uppercase but p2p is in lower case. This can be fixed later at the AUTH48 stage

-éric

On 31/08/2019, 06:46, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> wrote:

    Eric,

    Thank you for your comments. Sorry about the delay in replying.
    We have uploaded a new version and have included changes
    reflecting your comments. Please see:
    https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-opsec-urpf-improvements-04.txt&amp;data=02%7C01%7Ckotikalapudi.sriram%40nist.gov%7C1f83276d8d6349219f8508d72dddf2cc%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637028303598920995&amp;sdata=srvqXLDHEnlIwoIZApGGHcVAQJDfUxQb1n60djHlikU%3D&amp;reserved=0
    Please also see responses to your comments inline below.

    -- Abstract --
    >The abstract reads like 'promises' but not as a summary of the document. Is
    >there any chance to add 2 lines summarizing the 'how' ?
    >

    Added some more wording in the abstract to address your comment.
    We have summarized the 'how' in the intro with a whole paragraph.
    Probably better not to make the abstract overly long.

    >-- Section 1.1 --
    >I am sure that by now you know that you have to use RFC 8174 boilerplate ;-)
    >

    Yes. Done.

    >-- Section 2.2 --
    >For completeness and symmetry with section 2.3, please explain which packets
    >will be dropped.
    >

    Good catch. Done.

    >-- Section 2.3 --
    >Suggestion: define "RPF list" before first use (even if mostly obvious).
    >
    >Please define "lateral peer" and why it is different to any other "peer".
    >

    Added Section 1.1. "Terminology" per your suggestion.
    We've provided definitions of these terms and more there.


    >-- Section 3.1 --
    >Please define the "cone" used in this section. First time that I ever read this
    >term and the RIPE paper does not explain it either (of course I am not a
    >routing expert).
    >

    Definition of customer cone is also included in the Terminology section 1.1.


    >== NITS ==
    >
    >-- Section 1 --
    >Beside the intro, this section also introduces some terminology wording. May I
    >suggest to have a (sub)section about "terminology" ?
    >

    Good suggestion. Done.

    >-- Section 2.1 --
    >CMTS was introduced as an acronym but not DSLAM.
    >
    >
    Mention of DSLAM was not essential. So it is removed in the updated version.
    Mention of CMTS, PDN-GW is sufficient in that context
    and they are introduced.

    Sriram