Re: [OSPF] Genart last call review of draft-ietf-ospf-segment-routing-extensions-19
Dan Romascanu <dromasca@gmail.com> Mon, 09 October 2017 17:58 UTC
From: Dan Romascanu <dromasca@gmail.com>
Date: Mon, 9 Oct 2017 20:58:41 +0300
Message-ID: <CAFgnS4WT8EU231WEhZzJcwA4Yk+_X-RvEVV6YeC2E743n2L_tw@mail.gmail.com>
To: "Acee Lindem (acee)" <acee@cisco.com>
Cc: "gen-art@ietf.org" <gen-art@ietf.org>,
"draft-ietf-ospf-segment-routing-extensions.all@ietf.org"
<draft-ietf-ospf-segment-routing-extensions.all@ietf.org>,
"ietf@ietf.org" <ietf@ietf.org>, "ospf@ietf.org" <ospf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ospf/p9spRaUa6F1rwpTpkYT2P39S4bs>

Hi Acee,

Indeed, that was the intention of my comment.

Thanks and Regards,

Dan

On Sun, Oct 8, 2017 at 8:15 PM, Acee Lindem (acee) <acee@cisco.com> wrote:

> Hi Dan,
>
> Can you elaborate on how the OSPFv2 segment routing extensions in the
> draft make the protocol more susceptible to a DDoS attack? Is this with
> respect to logging the occurrence of malformed TLVs or Sub-TLVs? If so,
> that can be added.
>
> Thanks,
> Acee
>
> From: Dan Romascanu <dromasca@gmail.com>
> Date: Saturday, October 7, 2017 at 1:57 AM
> To: Acee Lindem <acee@cisco.com>
> Cc: "gen-art@ietf.org" <gen-art@ietf.org>,
> "draft-ietf-ospf-segment-routing-extensions.all@ietf.org"
> <draft-ietf-ospf-segment-routing-extensions.all@ietf.org>,
> "ietf@ietf.org" <ietf@ietf.org>, OSPF WG List <ospf@ietf.org>
> Subject: Re: [OSPF] Genart last call review of
> draft-ietf-ospf-segment-routing-extensions-19
>
> Hi Acee,
>
> Thank you for your response and for addressing my comments. I do not
> disagree that a generic IGP protocol security considerations document may
> be useful, but I do not believe that this document should be dependent upon
> it. My observation was related to the last paragraph of the Security
> Considerations document. It seems to me that non-mandatory counting or
> logging of malformed TLVs or Sub-TLVs may not be sufficient to protect
> against a large scale DoS attack.
>
> Regards,
>
> Dan
>
>
> On Sat, Oct 7, 2017 at 1:54 AM, Acee Lindem (acee) <acee@cisco.com> wrote:
>
>>
>>
>> On 10/5/17, 7:05 AM, "OSPF on behalf of Dan Romascanu"
>> <ospf-bounces@ietf.org on behalf of dromasca@gmail.com> wrote:
>>
>> >Reviewer: Dan Romascanu
>> >Review result: Ready with Issues
>> >
>> >I am the assigned Gen-ART reviewer for this draft. The General Area
>> >Review Team (Gen-ART) reviews all IETF documents being processed
>> >by the IESG for the IETF Chair. Please treat these comments just
>> >like any other last call comments.
>> >
>> >For more information, please see the FAQ at
>> >
>> ><https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>> >
>> >Document: draft-ietf-ospf-segment-routing-extensions-19
>> >Reviewer: Dan Romascanu
>> >Review Date: 2017-10-05
>> >IETF LC End Date: 2017-10-13
>> >IESG Telechat date: Not scheduled for a telechat
>> >
>> >Summary:
>> >
>> >A useful and well-written document. It requires previous reading and
>> >understanding of OSPF, SPRING and other routing work. It is Ready for
>> >publication. I found some unclear minor issues. I recommend to address
>> >them before approval and publication.
>> >
>> >Major issues:
>> >
>> >Minor issues:
>> >
>> >1. I am wondering why, at this stage of progress of the document, the
>> >type values are still 'TBD, suggested value x'. Is there any other
>> >document defining this?
>> >
>> >2. Section 3.1 - are there other algorithms planned to be added in the
>> >future? If yes, do we need a registry? If no, what is this field an
>> >octet?
>> >
>> >3. It would be useful to mention that the Length fields are expressed in
>> >Octets. Also please clarify if padding is applied or not.
>> >
>> >4. Section 3.3:
>> >
>> >'The originating router MUST NOT advertise overlapping ranges.'
>> >
>> >How are conflicts resolved at receiver?
>> >
>> >5. I like Section 9 - Implementation Status - which I found rather
>> >useful. Is there any chance to keep a trimmed down version of it, with
>> >synthetic information on the lines of 'at the time the document was
>> >discussed a survey was run, it showed that there were x implementation,
>> >y were implementing the full specification, z were included in released
>> >production software ....'
>> >
>> >6. Section 10 - beyond recommending the counting and logging of the
>> >mal-formed TLVs and sub-TLVs, should not supplementary security
>> >recommendations be made? for example - throttling mechanisms to preempt
>> >DoS attacks.
>>
>> The generic OSPFv2 security considerations are referenced as well. Can you
>> be specific as to why you think there are additional considerations specific
>> to these extensions? Perhaps, we should start work on a generic IGP
>> protocol security considerations document that is more comprehensive than
>> what we have done before.
>>
>> Thanks,
>> Acee
>>
>>
>> >
>> >Nits/editorial comments:
>> >
>> >
>> >_______________________________________________
>> >OSPF mailing list
>> >OSPF@ietf.org
>> >https://www.ietf.org/mailman/listinfo/ospf
>>
>>
>
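
An added illustration, not part of the mail thread or of the draft: the sketch below shows the difference the thread turns on, counting every malformed TLV block while a token bucket throttles how many log records a flood can produce. It assumes the usual OSPF TLV layout (2-octet type, 2-octet length in octets, value padded to a 4-octet boundary); the class and function names, the throttling policy and the sample bytes are all hypothetical.

```python
import struct

def parse_tlvs(buf):
    """Parse a TLV block: 2-octet type, 2-octet length in octets (padding
    excluded), value padded to a 4-octet boundary. Layout is an assumption."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        end = off + 4 + length
        padded_end = end + (-length % 4)
        if padded_end > len(buf):
            raise ValueError("TLV type %d length %d overruns block" % (tlv_type, length))
        tlvs.append((tlv_type, buf[off + 4:end]))
        off = padded_end
    return tlvs

class MalformedTlvGuard:
    """Counts every malformed block per neighbor; a token bucket bounds how
    many log records are written (hypothetical policy, not from the draft)."""
    def __init__(self, burst=5, per_second=1.0):
        self.burst, self.rate = burst, per_second
        self.tokens, self.last = float(burst), 0.0
        self.counts = {}   # neighbor -> malformed blocks seen (never throttled)
        self.logged = []   # records that would go to the log

    def report(self, neighbor, reason, now):
        self.counts[neighbor] = self.counts.get(neighbor, 0) + 1
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False   # counted, but log write suppressed
        self.tokens -= 1
        self.logged.append((now, neighbor, reason))
        return True

def receive(guard, neighbor, block, now):
    """Return parsed TLVs, or None after reporting a malformed block."""
    try:
        return parse_tlvs(block)
    except ValueError as err:
        guard.report(neighbor, str(err), now)
        return None

# Constructed sample input: type values 1 and 2 are placeholders.
GOOD = struct.pack("!HH", 1, 3) + b"abc\x00" + struct.pack("!HH", 2, 4) + b"wxyz"
BAD = struct.pack("!HH", 1, 200) + b"ab"
```
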