Re: [OSPF] Stephen Farrell's No Objection on draft-ietf-ospf-node-admin-tag-07: (with COMMENT)

Shraddha Hegde <shraddha@juniper.net> Fri, 16 October 2015 06:20 UTC

From: Shraddha Hegde <shraddha@juniper.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Date: Fri, 16 Oct 2015 06:20:40 +0000
Cc: "draft-ietf-ospf-node-admin-tag@ietf.org" <draft-ietf-ospf-node-admin-tag@ietf.org>, "ospf-chairs@ietf.org" <ospf-chairs@ietf.org>, "ospf@ietf.org" <ospf@ietf.org>

Hi Stephen,

Pls see inline..

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Thursday, October 15, 2015 6:09 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ospf-node-admin-tag@ietf.org; ospf-chairs@ietf.org; acee@cisco.com; ospf@ietf.org
Subject: Stephen Farrell's No Objection on draft-ietf-ospf-node-admin-tag-07: (with COMMENT)

Stephen Farrell has entered the following ballot position for
draft-ietf-ospf-node-admin-tag-07: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ospf-node-admin-tag/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- I think Alvaro and Brian make some good points. I'll be interested in how that discussion turns out.

- Good to see that you recognise that even opaque tag values can expose sensitive information (the attacker isn't limited in how they are allowed to interpret what they see). However, given that we recognise that confidentiality ought to be provided sometimes, isn't there an onus on us to actually provide some usable way to get that service? If so, then who is looking at that problem? If not, then why is that acceptable? (This isn't a discuss as I don't think there is any PII or similar information being transferred, and the confidentiality requirement here really relates to network topology etc. But please do correct me if one of these tags could be PII-like and I'll make this a discuss if that's better.)

<Shraddha> OSPF in itself does not have ways to provide confidentiality, but in cases where it is needed OSPF can run on top of IPsec tunnels, which can encrypt the OSPF control packets. IPsec mechanisms can also be applied to OSPF packets using RFC 4552 for OSPFv3. Adding the text below to the draft.

Node administrative tags may be used by operators to indicate geographical location or other sensitive information. As indicated in <xref target="RFC2328"/> and <xref target="RFC5340"/>, OSPF authentication mechanisms do not provide confidentiality and the information carried in node administrative tags could be leaked to an IGP snooper. Confidentiality for the OSPF control packets can be achieved by either running OSPF on top of IP Security (IPsec) tunnels or by applying IPsec-based security mechanisms as described in <xref target="RFC4552"/>.
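An added illustration of the point in the proposed security-considerations text (example code written for this thread, not from the draft or any OSPF implementation): an encoder and parser for RFC 7770 Router Information LSA TLVs showing that node administrative tags remain readable in a packet that carries only an authentication digest, which is why confidentiality has to come from IPsec. The TLV type value 10 and the HMAC-SHA-256 trailer are assumptions made for this example, as are the constructed tag values.

```python
import hashlib
import hmac
import struct

# Assumed TLV type for the Node Administrative Tag TLV. The draft text quoted
# above does not state the assigned value; 10 is a placeholder for this example.
NODE_ADMIN_TAG_TLV = 10
DIGEST_LEN = hashlib.sha256().digest_size


def build_tlv(tlv_type, value):
    """RFC 7770 RI LSA TLV: 2-byte type, 2-byte length of the value (padding
    excluded), value padded to a 4-octet boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", tlv_type, len(value)) + value + b"\x00" * pad


def build_admin_tag_tlv(tags):
    """Node admin tags are a list of 32-bit unsigned values carried in one TLV."""
    return build_tlv(NODE_ADMIN_TAG_TLV, b"".join(struct.pack("!I", t) for t in tags))


def parse_tlvs(data):
    """Return [(type, value), ...] from an RI LSA TLV list, honouring padding."""
    tlvs, off = [], 0
    while off + 4 <= len(data):
        tlv_type, length = struct.unpack_from("!HH", data, off)
        off += 4
        if off + length > len(data):
            raise ValueError("truncated TLV")
        tlvs.append((tlv_type, data[off:off + length]))
        off += length + ((-length) % 4)
    return tlvs


def extract_admin_tags(data):
    """Collect every node admin tag found in the TLV list."""
    tags = []
    for tlv_type, value in parse_tlvs(data):
        if tlv_type == NODE_ADMIN_TAG_TLV:
            if len(value) % 4:
                raise ValueError("admin tag TLV length is not a multiple of 4")
            tags.extend(struct.unpack("!%dI" % (len(value) // 4), value))
    return tags


def authenticate(payload, key):
    """Simplified model of OSPF cryptographic authentication: a keyed digest is
    appended, but the payload itself is sent in the clear."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def tags_visible_without_key(authenticated_packet):
    """What a passive observer on the link recovers without knowing the key:
    every tag, because authentication only protects integrity."""
    return extract_admin_tags(authenticated_packet[:-DIGEST_LEN])
```

Running `tags_visible_without_key(authenticate(pkt, key))` on a constructed packet returns the same tag list that the sender encoded, which is the leak the draft text describes.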