Re: [OSPF] Stephen Farrell's No Objection on draft-ietf-ospf-node-admin-tag-07: (with COMMENT)

Shraddha Hegde <> Fri, 16 October 2015 06:20 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E551A1B2F51; Thu, 15 Oct 2015 23:20:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sG2d5PMQO5OM; Thu, 15 Oct 2015 23:20:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 957B01B2F53; Thu, 15 Oct 2015 23:20:42 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Fri, 16 Oct 2015 06:20:40 +0000
Received: from ([]) by ([]) with mapi id 15.01.0293.007; Fri, 16 Oct 2015 06:20:40 +0000
From: Shraddha Hegde <>
To: Stephen Farrell <>, The IESG <>
Thread-Topic: Stephen Farrell's No Objection on draft-ietf-ospf-node-admin-tag-07: (with COMMENT)
Thread-Index: AQHRB0aKzC16i7cTjEGkWR6TE3nQQ55tTiww
Date: Fri, 16 Oct 2015 06:20:40 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-microsoft-exchange-diagnostics: 1; BY1PR0501MB1383; 5:8xOtOC/d0ZB8GpGNU7KolcrR+vVod/UpRLX23r8Sdk66M6Wshd/tngsOKS3u1mFxfRUF/N1LVwinLHGt8rM1M0T2FSXsUV0qoeC9OonqXQbUPRNzVx85BQcdfGDAo7DE/kkEZSrwZd5IdlqSZSUkGA==; 24:QRmtrslMKug8bd21LlJMyHlkuZKhG8VtRf5gOUrJN2bnRUFDUwgjjJEOFYI7A0zU+otNiimiLpkTZTIX3gqDpyEWim14C/57M+jzOEZTHjw=; 20:Ew9EMBr+fIFWogpN4NRNv+ponc817zD+fF/2DXx715VCvdMXT1kRXdj+U5c6Z20mz+t3VawO05fcHhV29+Ar5w==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1383;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(32856632585715)(95692535739014)(223578670769496);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001); SRVR:BY1PR0501MB1383; BCL:0; PCL:0; RULEID:; SRVR:BY1PR0501MB1383;
x-forefront-prvs: 0731AA2DE6
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(52044002)(189002)(377454003)(13464003)(199003)(81156007)(5003600100002)(5007970100001)(50986999)(11100500001)(5002640100001)(5001960100002)(64706001)(77096005)(92566002)(86362001)(5004730100002)(76576001)(2900100001)(19580405001)(46102003)(66066001)(40100003)(76176999)(106356001)(15975445007)(5001770100001)(106116001)(102836002)(10400500002)(2950100001)(99286002)(19580395003)(74316001)(5001920100001)(122556002)(54356999)(97736004)(101416001)(189998001)(33656002)(105586002)(230783001)(5008740100001)(87936001); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0501MB1383;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Oct 2015 06:20:40.3563 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1383
Archived-At: <>
Cc: "" <>, "" <>, "" <>
Subject: Re: [OSPF] Stephen Farrell's No Objection on draft-ietf-ospf-node-admin-tag-07: (with COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 16 Oct 2015 06:20:45 -0000

Hi Stephen,

Pls see inline..

-----Original Message-----
From: Stephen Farrell [] 
Sent: Thursday, October 15, 2015 6:09 PM
To: The IESG <>
Subject: Stephen Farrell's No Objection on draft-ietf-ospf-node-admin-tag-07: (with COMMENT)

Stephen Farrell has entered the following ballot position for
draft-ietf-ospf-node-admin-tag-07: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


- I think Alavaro and Brian make some good points. I'll be interested in how that discussion turns out.

- Good to see that you recognise that even opaque tag values can expose sensitive information (the attacker isn't limited in how they are allowed interpret what they see). However, given that we recognise that confidentiality ought be provided sometimes, isn't there an onus on us to actually provide some usable way to get that service? If so, then who is looking at that problem? If not, then why is that acceptable? (This isn't a discuss as I don't think there is any PII or similar information being transferred, and the confidentiality requirement here really relates to network topology etc. But please do correct me if one of these tags could be PII-like and I'll make this a discuss if that's better.)

<Shraddha> OSPF in itself does not have  ways to provide confidentiality but in cases where it is needed OSPF can run on top of IPSEC tunnels which can encrypt the OSPF control packets. IPSEC mechanisms can also be applied to OSPF packets using RFC 4552 for OSPFv3. Adding below text to the draft.

Node administrative tags may be used by operators to indicate geographical location or other sensitive information.
 As indicated in <xref target="RFC2328"/> and <xref target="RFC5340"/> OSPF authentication mechanisms do not provide 
 confidentiality and the information carried in node administrative tags could be leaked to an IGP snooper.
Confidentiality for the OSPF control packets can be achieved by either running OSPF on top of IP Security (IPSEC) tunnels or 
by applying IPSEC based security mechanisms as described in <xref target="RFC4552"/>