Re: [OSPF] Alvaro Retana's Yes on draft-ietf-ospf-prefix-link-attr-10: (with COMMENT)
"Alvaro Retana (aretana)" <aretana@cisco.com> Mon, 17 August 2015 14:31 UTC
Return-Path: <aretana@cisco.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BD121A1B0D; Mon, 17 Aug 2015 07:31:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAg_AeMelidh; Mon, 17 Aug 2015 07:31:00 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 126F11A1B07; Mon, 17 Aug 2015 07:31:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2052; q=dns/txt; s=iport; t=1439821860; x=1441031460; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=YTyg7tcZgBTG77zfiYBs4a/4P89hP8R2vfPX59bMAVM=; b=JJndn9LCceQJfUrJNDbQ0d1hissy6fCo/mRkVB/D7se3ngLMK6bnFU3w GiIH4DOuUp0woi7GZhrzMXaes7xGSRs1QYDKCy6K/NbhkBsIQ0bSGjEaO IffSEYzO3mefyh2/mewLRe3SYtRABpuzUkklSXZJHSJ9a+counUCyJUTj s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C2AgC679FV/40NJK1dgxuBPQa9ZgEJhDiDNgKBLjgUAQEBAQEBAYEKhCQBAQR5EAIBCEYyJQIEAQ0FiC7RFgEBAQEBAQEBAQEBAQEBAQEBAQEZi1KEVjMHhCwBBJIRgwwBhyuFQJonJoN9cYFIgQQBAQE
X-IronPort-AV: E=Sophos;i="5.15,695,1432598400"; d="scan'208";a="19267105"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-7.cisco.com with ESMTP; 17 Aug 2015 14:30:45 +0000
Received: from XCH-ALN-007.cisco.com (xch-aln-007.cisco.com [173.36.7.17]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t7HEUj00012981 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 17 Aug 2015 14:30:45 GMT
Received: from xch-aln-007.cisco.com (173.36.7.17) by XCH-ALN-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 17 Aug 2015 09:30:44 -0500
Received: from xhc-rcd-x06.cisco.com (173.37.183.80) by xch-aln-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Mon, 17 Aug 2015 09:30:44 -0500
Received: from xmb-aln-x15.cisco.com ([169.254.9.148]) by xhc-rcd-x06.cisco.com ([173.37.183.80]) with mapi id 14.03.0248.002; Mon, 17 Aug 2015 09:30:44 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "Acee Lindem (acee)" <acee@cisco.com>, The IESG <iesg@ietf.org>
Thread-Topic: Alvaro Retana's Yes on draft-ietf-ospf-prefix-link-attr-10: (with COMMENT)
Thread-Index: AQHQ1fmXYwG8fMqjhEys4ddRMwDFRZ4QjMwA///KmQA=
Date: Mon, 17 Aug 2015 14:30:43 +0000
Message-ID: <D1F763C0.C6062%aretana@cisco.com>
References: <20150813185510.2178.47613.idtracker@ietfa.amsl.com> <D1F6A062.2BA5E%acee@cisco.com>
In-Reply-To: <D1F6A062.2BA5E%acee@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.36.7.17]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <565662CB00412C43AECED21BF380448E@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ospf/Hijgk5d24mc78bkxjkgOPbQBjZA>
Cc: "ospf@ietf.org" <ospf@ietf.org>, "draft-ietf-ospf-prefix-link-attr@ietf.org" <draft-ietf-ospf-prefix-link-attr@ietf.org>, "draft-ietf-ospf-prefix-link-attr.shepherd@ietf.org" <draft-ietf-ospf-prefix-link-attr.shepherd@ietf.org>, "draft-ietf-ospf-prefix-link-attr.ad@ietf.org" <draft-ietf-ospf-prefix-link-attr.ad@ietf.org>, "ospf-chairs@ietf.org" <ospf-chairs@ietf.org>
Subject: Re: [OSPF] Alvaro Retana's Yes on draft-ietf-ospf-prefix-link-attr-10: (with COMMENT)
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2015 14:31:01 -0000
On 8/17/15, 9:41 AM, "Acee Lindem (acee)" <acee@cisco.com> wrote: Acee: Hi! Thanks for looking into my comments! Just one more thing below. Alvaro. . . . >>2. Section 2.1. (OSPFv2 Extended Prefix TLV) >> >>a. For the Route Type, are those the only allowed values? What happens >>if something else is used? > >Yes - these are the only route types allowed. If an invalid type is >specified, the attributes will not be correlated with a route. I¹m glad you brought this up ‹ the correlation. I should¹ve commented on this before.. I don¹t think the draft talks about how to correlate the additional information back to the ³normal² LSAs. Given that it is important for the route type and the prefix to match (anything else?), it would be good if it was called out somewhere. I¹m assuming that the fact that the correlation is not made will just result in lost information ‹ but some application may really want this information, so loosing it could be importante for them. Explaining the potential impact would be very good. Same comment for the other TLV.. . . . >>4. Section 6. (Security Considerations) >> >>a. I think you should also point the readers at the considerations in >>rfc5250. >> >>b. ³Šimplementations must assure that malformed TLV and Sub-TLV >>permutations do not result in errors that cause hard OSPF failures.² >>What does that mean? That the software should be resilient? Or are you >>pointing at just ignoring the information if there is a malformed >>TLV/sub-TLV (that is somehow salvageable)? It would be vey nice is this >>draft set the example by specifying what to do in some cases (maybe not >>malformed, but incorrect/unknown as mentioned above). > > >This stems from prior attacks on routing protocols involved carefully >crafted malformed TLVs which could result in software crashes. Ahh..ok. Still, explaining what to do with malformed information would be good. This obviously goes back to the loss of information.
- [OSPF] Alvaro Retana's Yes on draft-ietf-ospf-pre… Alvaro Retana
- Re: [OSPF] Alvaro Retana's Yes on draft-ietf-ospf… Acee Lindem (acee)
- Re: [OSPF] Alvaro Retana's Yes on draft-ietf-ospf… Alvaro Retana (aretana)
- Re: [OSPF] Alvaro Retana's Yes on draft-ietf-ospf… Acee Lindem (acee)