Re: [OPSEC] Adam Roach's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 21 August 2019 22:45 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: The IESG <iesg@ietf.org>, Adam Roach <adam@nostrum.com>
CC: "draft-ietf-opsec-urpf-improvements@ietf.org" <draft-ietf-opsec-urpf-improvements@ietf.org>, Sandra Murphy <sandy@tislabs.com>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, Sandra Murphy <sandy@tislabs.com>, "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: Adam Roach's No Objection on draft-ietf-opsec-urpf-improvements-03: (with COMMENT)
Thread-Index: AQHVV9Cbx0ns/H85m0mFsQRubg2h5qcGKWpd
Date: Wed, 21 Aug 2019 22:45:39 +0000
Message-ID: <DM6PR09MB3019272774C48910DEAE076C84AA0@DM6PR09MB3019.namprd09.prod.outlook.com>
References: <156635814815.378.5146142936311387167.idtracker@ietfa.amsl.com>
In-Reply-To: <156635814815.378.5146142936311387167.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/sjbqpuIgnHPHWnQRcsgrKSodW4E>

Hi Adam,

Thank you for the comments.

>Thanks for a clearly written document. .....

Thank you. Nice of you.

>The one term I had to go searching for was "stub AS". ....

I have defined stub AS in my author's draft for the next version. Done.

>.... Please use the boilerplate from RFC 8174.

Yes, done.

> §3.3:
>I believe I understand how the described Algorithm B, as applied by AS4, .....

I think Jeff has addressed this quite well. Please let us know if you've further questions.

> .... Nit: "the draft" won't age gracefully. I suggest changing to "this document" or somesuch.

Yes. Now the sentence has "this document".


>§3.6.1:

>  +---------------------------------+---------------------------------+
>  | Very Large Global ISP           | 32392                           |
>  | ------------------------------- | ------------------------------- |
>  | Very Large Global ISP           | 29528                           |
>  | ------------------------------- | ------------------------------- |
>....
> ... I did find that adding the numbers in the first column on slide 6
>yielded 32393, which is tantalizingly close to the first number, but that
>might just be a coincidence. ...

You guessed right about where 32392 came from.
And your math is better than ours :)   32393 is the correct number.
As Jeff has already observed, each line in the table corresponds
to a unique ISP, so those first two lines in the table now read:

>  +---------------------------------+---------------------------------+
>  | Very Large Global ISP X         | 32393                           |
>  | ------------------------------- | ------------------------------- |
>  | Very Large Global ISP Y         | 29528                           |
>  | ------------------------------- | ------------------------------- |

Thanks for the catch. I've updated the draft accordingly.

(I have not made any comments inline below.)

Sriram
----------------------------


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for a clearly written document. My understanding of routing is pretty
simplistic, and I still found the technique well-explained and easy to follow.
This is no small feat. The one term I had to go searching for was "stub AS". If
this is a generally known term, that's fine -- but if not, it may warrant a
short definition or citation.

---------------------------------------------------------------------------

§1.1:

>  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
>  document are to be interpreted as described in RFC 2119 [RFC2119].

Please use the boilerplate from RFC 8174.

---------------------------------------------------------------------------

§3.3:

I believe I understand how the described Algorithm B, as applied by AS4, will
result in acceptance of AS1's packets from AS2. I'm a bit lost, however, about
the means by which AS2 will accept them such that they could be delivered to
AS4.  Is there an assumption that AS2 is employing an ACL-based approach? If
so, this should probably be stated explicitly. (This might be implied by text
elsewhere, in which case I apologize for my confusion; although it may still be
worth explicitly explaining.)

---------------------------------------------------------------------------

§3.5:

>  It is worth emphasizing that an indirect part of the proposal in the
>  draft is that RPF filters may be augmented from secondary sources.

Nit: "the draft" won't age gracefully. I suggest changing to "this document"
or somesuch.

---------------------------------------------------------------------------

§3.6.1:

>  +---------------------------------+---------------------------------+
>  | Very Large Global ISP           | 32392                           |
>  | ------------------------------- | ------------------------------- |
>  | Very Large Global ISP           | 29528                           |
>  | ------------------------------- | ------------------------------- |

I suspect there was a transcription error copying these lines from the source
material, as the appearance of two rows with identical labels seems unlikely
to be intended. I skimmed the cited source material to see if I could figure
out what happened here, but found neither of these numbers (nor any mention of
"Mid-size Global ISP"), so I'm afraid I can't make a concrete suggestion for a
fix. I did find that adding the numbers in the first column on slide 6
yielded 32393, which is tantalizingly close to the first number, but that
might just be a coincidence.