Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Reshad Rahman <reshad@yahoo.com> Wed, 19 April 2023 02:04 UTC

Date: Wed, 19 Apr 2023 02:04:12 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: John Scudder <jgs@juniper.net>, Jeffrey Haas <jhaas@pfrc.org>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-bfd-unsolicited@ietf.org" <draft-ietf-bfd-unsolicited@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Message-ID: <2084797491.2899010.1681869852497@mail.yahoo.com>
In-Reply-To: <VI1PR07MB3999048E7D61648A7152B1A29F9D9@VI1PR07MB3999.eurprd07.prod.outlook.com>
References: <167104636614.47387.14544637650303450586@ietfa.amsl.com> <20221215223922.GD23286@pfrc.org> <437097223.585815.1679885856359@mail.yahoo.com> <AM6PR07MB39920946F22521797E66B2B29F9C9@AM6PR07MB3992.eurprd07.prod.outlook.com> <20230418155721.GA20798@pfrc.org> <CCD4BF6D-58FA-4C64-A263-FAD2F48EE442@juniper.net> <VI1PR07MB3999048E7D61648A7152B1A29F9D9@VI1PR07MB3999.eurprd07.prod.outlook.com>
Subject: Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/2UnKfYD0F_ABTu-AYEEcscwwQCA>
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>

Thanks John and Zahed. I'm also good with the new text, will include it in the next rev.

On Tuesday, April 18, 2023, 05:22:29 PM EDT, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com> wrote:

Thanks for the text suggestion. It is better now. Someone might of course ask what the business relation is, but I think I understand it better in this context.

//Zahed

From: John Scudder <jgs@juniper.net>
Sent: Tuesday, April 18, 2023 6:15 PM
To: Jeffrey Haas <jhaas@pfrc.org>; Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Cc: Reshad Rahman <reshad@yahoo.com>; The IESG <iesg@ietf.org>; draft-ietf-bfd-unsolicited@ietf.org <draft-ietf-bfd-unsolicited@ietf.org>; bfd-chairs@ietf.org <bfd-chairs@ietf.org>; rtg-bfd@ietf.org <rtg-bfd@ietf.org>
Subject: Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Top-posting to avoid the nest of dueling quoting conventions :-( and since there’s only one residual point to settle.

I believe the draft text in question is:

OLD:
   *  Deploy the feature only in certain "trustworthy" environment,
      e.g., at an IXP, or between a provider and its customers.

Based on the conversation so far, let me throw out a suggestion for discussion.

NEW:
   *  Deploy the feature only in an environment that does not
      offer anonymous participation. Examples include an IXP,
      where the IXP operator will have a business relationship with
      all IXP participants, or between a provider and its customers.

Zahed, would that work for you?

Authors, any problems with that?

Thanks,

—John

> On Apr 18, 2023, at 11:57 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> 
> Zahed,
> 
> Oddly enough, it appears that mail from ietf.org delivered one of the two
> copies of mail from you in a corrupted form.  This message replies to the
> missing piece of your question:
> 
> On Tue, Apr 18, 2023 at 12:44:13PM +0000, Zaheduzzaman Sarker wrote:
>>> The environment must be under reasonable operational control to satisfy the
>>> scaling of the impacted system.  What words would you prefer to have there
>>> instead?  How would those words change if you want to permit this feature to
>>> be utilized when the operational environment spans multiple entities, such
>>> as at an exchange point (IXP)?
>> 
>> Calling it something else would not resolve the issue until that “something else” is well defined or described. I have no issue with calling it trustworthy when it is described well so that we can understand it, like you attribute it as – “The environment must be under reasonable operational control to satisfy the scaling of the impacted system”. I suggest we put some descriptive text to explain what makes the environment trustworthy.
> 
> I don't believe that it will be possible to tersely state such a thing,
> partially because BFD is simply one element in a deep stack of such
> considerations.  As an example, unsecured ARP may be utilized in an IXP
> environment.  You can do far more damage by spoofing ARP than you can in
> BFD.  Same for discovery components like LLDP.
> 
> If you're looking for a particular term of art for such a trustworthy
> environment where multiple potentially semi-trustworthy parties are
> involved, we'll likely need to have such a thing supplied by current
> security practitioners.
> 
> From a general networking standpoint, some properties of such an environment
> seem obvious:
> - The network element that can be attacked is expected to be attacked by a
>  device one IP hop away. (See GTSM considerations in the draft.)
> - Attackers must either be directly connected to the network element or on
>  shared media with the network element, thus limiting the set of attackers.
> - Layer 2 control mechanisms such as 802.1X may limit the viability of
>  attackers to known parties.
> 
> In such circumstances, attackers in many circumstances are indistinguishable
> from misconfigured or misbehaving parties.  When things go wrong, the IXP
> operator will simply chase it down.  It's not like this would be the first
> such malfunction.
> 
> Active attackers who are breaking into your racks just to mess with you
> imply security issues far beyond the scope of this protocol extension.
> 
> -- Jeff
>
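The environment properties Jeff lists (peer one IP hop away per GTSM, directly connected, interface explicitly opted in by the operator) turned into a passive-side admission check for a new unsolicited BFD session. This is an added example, not code from the draft or any implementation; the interface names, subnets and packets are constructed sample data, and the hop-limit value follows RFC 5881's TTL 255 requirement for single-hop BFD.

```python
"""Passive-side admission check for unsolicited BFD control packets (added example)."""
import ipaddress
from dataclasses import dataclass

GTSM_TTL = 255  # RFC 5881: single-hop BFD control packets must arrive with TTL / hop limit 255


@dataclass(frozen=True)
class Interface:
    name: str
    subnets: tuple             # directly connected prefixes, as strings
    unsolicited_enabled: bool  # operator opted this interface in (the non-anonymous set)


@dataclass(frozen=True)
class BfdPacket:
    ifname: str                # ingress interface
    src: str                   # source IP address
    ttl: int                   # received TTL / hop limit
    your_discriminator: int    # 0 on the packet that opens a new session


def admit_unsolicited(pkt: BfdPacket, ifaces: dict) -> tuple:
    """Return (accepted, reason) for a packet that would create a new passive session."""
    iface = ifaces.get(pkt.ifname)
    if iface is None or not iface.unsolicited_enabled:
        return False, "interface not enabled for unsolicited BFD"
    # GTSM: a router on the path would have decremented the TTL, so 255 means one hop away.
    if pkt.ttl != GTSM_TTL:
        return False, "GTSM failed: TTL %d != %d" % (pkt.ttl, GTSM_TTL)
    # The sender must sit on a prefix directly attached to the ingress interface.
    src = ipaddress.ip_address(pkt.src)
    if not any(src in ipaddress.ip_network(s) for s in iface.subnets):
        return False, "source not on a directly connected subnet of %s" % iface.name
    # Only a zero Your Discriminator opens a session; anything else is looked up, not created.
    if pkt.your_discriminator != 0:
        return False, "belongs to an existing session, not a new one"
    return True, "accepted"


# Constructed sample: an IXP-facing port that is opted in, and a core port that is not.
IFACES = {
    "ge-0/0/0": Interface("ge-0/0/0", ("192.0.2.0/24", "2001:db8:1::/64"), True),
    "ge-0/0/1": Interface("ge-0/0/1", ("198.51.100.0/30",), False),
}

if __name__ == "__main__":
    for p in (BfdPacket("ge-0/0/0", "192.0.2.7", 255, 0),
              BfdPacket("ge-0/0/0", "192.0.2.7", 254, 0),
              BfdPacket("ge-0/0/1", "198.51.100.2", 255, 0)):
        print(p.ifname, p.src, p.ttl, admit_unsolicited(p, IFACES))
```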