Re: Roman Danyliw's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Reshad Rahman <reshad@yahoo.com> Mon, 27 March 2023 03:07 UTC

Date: Mon, 27 Mar 2023 03:06:57 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: The IESG <iesg@ietf.org>, Roman Danyliw <rdd@cert.org>
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>, "draft-ietf-bfd-unsolicited@ietf.org" <draft-ietf-bfd-unsolicited@ietf.org>
Message-ID: <64934445.583922.1679886417276@mail.yahoo.com>
In-Reply-To: <167103723541.48477.2301299940281758486@ietfa.amsl.com>
References: <167103723541.48477.2301299940281758486@ietfa.amsl.com>
Subject: Re: Roman Danyliw's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/Dmu4d_cD57K5wR6lvyHaRQVXGnY>

Roman, thank you for the review.

On Wednesday, December 14, 2022, 12:00:39 PM EST, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:

Roman Danyliw has entered the following ballot position for
draft-ietf-bfd-unsolicited-11: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-bfd-unsolicited/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** Section 7.1

Limit the feature to specific interfaces, and to single-hop BFD
      with "TTL=255" [RFC5082].

Section 2.2 of RFC5082 says “set the TTL on the protocol packets to 255 (the
maximum possible for IP) and then reject any protocol packets that come in from
configured peers that do NOT have an inbound TTL of 255”. Guidance on dropping
the packets based on TTL in RFC5082 appears to be missing here.

<RR> Added reference to RFC5082.

** Section 7.1.  The following considerations are inconsistent:

-- “To mitigate such risks, the following measures are mandatory: … Apply
"policy" to allow BFD packets only from certain subnets or hosts.”

Editorially (not discuss but related), why is policy in quotes?

<RR> Quotes have been removed.

Requiring this check conflicts with the less rigorous SHOULD in Section 2: “The
source address of the BFD Control packet SHOULD be validated against expected
routing protocol peer addresses on that interface.”
<RR> That text has been removed from section 2 after considering other feedback.

-- “To mitigate such risks, the following measures are mandatory: … Use BFD
authentication, see [RFC5880].  In some environments, e.g. when using an IXP,
BFD authentication can not be used … If BFD authentication is used, the
Meticulous Keyed SHA1 mechanism SHOULD be used.”

The text first says using BFD authentication is mandatory, but then says it is
not possible in certain environments.  Later it states that “if BFD is used”,
but the text already said it was mandatory.

<RR> BFD auth considerations in (new) section 7.2.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Derek Atkins for the SECDIR review.

** Section 7.1  Meticulous Keyed SHA1 is a stated as a SHOULD.  Is this
intended to express a preference over MD5?  If so, perhaps this needs to be
restated that “SHA1 MUST be used if it is supported.”
<RR> Removed reference to SHA1 as per other feedback. Please see text in 7.2 in rev-13.

** Section 7.2

*  data nodes local-multiplier, desired-min-tx-interval, required-
      min-rx-interval and min-interval all impact the parameters of the
      unsolicited BFD IP single-hop sessions.

Please explicitly state the impact of write options on these parameters
<RR> Added.

Regards,
Reshad.
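The three mitigations discussed above (the RFC 5082 GTSM check with inbound TTL 255, a source-address policy, and BFD authentication with Meticulous Keyed SHA1 from RFC 5880 section 4.4) are easy to get in the wrong order or to apply only partly. The following is an added worked example, not code from this message, from the draft, or from any BFD implementation: a Python receive-side check for a single-hop unsolicited session, plus a builder that produces an authenticated BFD Control packet so the check can be exercised offline. The key, key ID, discriminator values, the allowed prefix (192.0.2.0/24) and the function names are all constructed for the example; the TTL, packet layout, Auth Type 5, Auth Len 28 and the meticulous sequence window are taken from RFC 5082 and RFC 5880.

```python
"""Receive-side checks for an unsolicited single-hop BFD session (added example)."""
import hashlib
import hmac          # only for constant-time comparison of the digest
import ipaddress
import struct

BFD_HDR_LEN = 24                 # RFC 5880 s4.1 mandatory section
AUTH_METICULOUS_KEYED_SHA1 = 5   # RFC 5880 s4.4 Auth Type value
SHA1_AUTH_LEN = 28               # type, len, key id, reserved, seq, 20-byte hash
DIGEST_OFF = BFD_HDR_LEN + 8     # offset of the Auth Key/Hash field
GTSM_TTL = 255                   # RFC 5082 s2.2


def _sha1_over_packet(pkt: bytes, key: bytes) -> bytes:
    """RFC 5880 s6.7.4: SHA1 over the whole packet with the shared key,
    zero-padded to 20 bytes, standing in the Auth Key/Hash field."""
    padded = key.ljust(20, b"\x00")[:20]
    return hashlib.sha1(pkt[:DIGEST_OFF] + padded + pkt[DIGEST_OFF + 20:]).digest()


def build_control_packet(my_disc: int, your_disc: int, detect_mult: int,
                         key_id: int, seq: int, key: bytes) -> bytes:
    """BFD Control packet with Meticulous Keyed SHA1 authentication. An
    unsolicited initiator sends Your Discriminator = 0 because it has not
    yet heard from the passive side (constructed values throughout)."""
    vers_diag = (1 << 5) | 0                 # Vers=1, Diag=0
    sta_flags = (1 << 6) | (1 << 2)          # State=Init, A bit set
    length = BFD_HDR_LEN + SHA1_AUTH_LEN
    hdr = struct.pack("!BBBBIIIII", vers_diag, sta_flags, detect_mult, length,
                      my_disc, your_disc, 1_000_000, 1_000_000, 0)
    auth = struct.pack("!BBBBI", AUTH_METICULOUS_KEYED_SHA1, SHA1_AUTH_LEN,
                       key_id, 0, seq)
    pkt = hdr + auth + bytes(20)
    return pkt[:DIGEST_OFF] + _sha1_over_packet(pkt, key)


def validate_unsolicited(src_ip: str, ttl: int, pkt: bytes, allowed_prefixes,
                         keys: dict, rcv_auth_seq):
    """Apply GTSM, then source policy, then authentication.
    Returns (accepted, reason, updated rcv_auth_seq). rcv_auth_seq is None
    until the first authenticated packet is accepted (bfd.AuthSeqKnown == 0)."""
    # 1. GTSM (RFC 5082 s2.2): a directly connected peer sends TTL 255; anything
    #    that crossed a router arrives with a lower TTL and is dropped.
    if ttl != GTSM_TTL:
        return False, "gtsm", rcv_auth_seq
    # 2. Policy: accept only from configured subnets or hosts.
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in ipaddress.ip_network(p) for p in allowed_prefixes):
        return False, "policy", rcv_auth_seq
    # 3. Header sanity (RFC 5880 s6.8.6). Only the SHA1 auth section is handled,
    #    so the length must be exactly 24 + 28.
    if len(pkt) < BFD_HDR_LEN:
        return False, "header", rcv_auth_seq
    vers_diag, sta_flags, detect_mult, length = struct.unpack("!BBBB", pkt[:4])
    if vers_diag >> 5 != 1 or detect_mult == 0 or length > len(pkt):
        return False, "header", rcv_auth_seq
    pkt = pkt[:length]
    if not sta_flags & 0x04:                 # A bit clear: authentication is required here
        return False, "no-auth", rcv_auth_seq
    if length != BFD_HDR_LEN + SHA1_AUTH_LEN:
        return False, "header", rcv_auth_seq
    auth_type, auth_len, key_id, _rsvd, seq = struct.unpack("!BBBBI", pkt[24:32])
    if auth_type != AUTH_METICULOUS_KEYED_SHA1 or auth_len != SHA1_AUTH_LEN:
        return False, "auth-type", rcv_auth_seq
    key = keys.get(key_id)
    if key is None:
        return False, "key-id", rcv_auth_seq
    # 4. Meticulous window (RFC 5880 s6.7.4): seq must lie in
    #    RcvAuthSeq+1 .. RcvAuthSeq + 3*DetectMult modulo 2^32, so a replayed
    #    packet with an old sequence number fails before the hash is checked.
    if rcv_auth_seq is not None:
        delta = (seq - rcv_auth_seq) & 0xFFFFFFFF
        if not 1 <= delta <= 3 * detect_mult:
            return False, "seq", rcv_auth_seq
    # 5. Digest check, constant-time compare.
    if not hmac.compare_digest(_sha1_over_packet(pkt, key),
                               pkt[DIGEST_OFF:DIGEST_OFF + 20]):
        return False, "digest", rcv_auth_seq
    return True, "ok", seq


def demo() -> dict:
    """Run one good packet and four rejected variants; returns reason per case."""
    key = b"example-secret"                  # constructed key, not a deployment value
    keys = {7: key}
    allowed = ["192.0.2.0/24"]               # constructed policy (TEST-NET-1)
    pkt = build_control_packet(0x1234, 0, 3, 7, 100, key)
    tampered = pkt[:8] + b"\xff" + pkt[9:]  # flip a byte of My Discriminator
    cases = {
        "good":     validate_unsolicited("192.0.2.10", 255, pkt, allowed, keys, 99),
        "routed":   validate_unsolicited("192.0.2.10", 254, pkt, allowed, keys, 99),
        "offnet":   validate_unsolicited("203.0.113.5", 255, pkt, allowed, keys, 99),
        "replay":   validate_unsolicited("192.0.2.10", 255, pkt, allowed, keys, 100),
        "tampered": validate_unsolicited("192.0.2.10", 255, tampered, allowed, keys, 99),
    }
    return {name: result[1] for name, result in cases.items()}


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:9s} -> {reason}")
```

The order matters: the TTL and policy checks are cheap and reject most junk before any hashing is done, and the sequence window is checked before the digest so a replayed packet never reaches the SHA1 computation. The caller owns bfd.RcvAuthSeq and only stores the returned value when the packet was accepted.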