Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com> Tue, 18 April 2023 21:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/PkwOIa8rn9pUOWiyP4URKuPEgBA>

Thanks for the text suggestion. It is better now. Someone might of course ask what the business relation is, but I think I understand it better in this context.
//Zahed
________________________________
From: John Scudder <jgs@juniper.net>
Sent: Tuesday, April 18, 2023 6:15 PM
To: Jeffrey Haas <jhaas@pfrc.org>; Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Cc: Reshad Rahman <reshad@yahoo.com>; The IESG <iesg@ietf.org>; draft-ietf-bfd-unsolicited@ietf.org <draft-ietf-bfd-unsolicited@ietf.org>; bfd-chairs@ietf.org <bfd-chairs@ietf.org>; rtg-bfd@ietf.org <rtg-bfd@ietf.org>
Subject: Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Top-posting to avoid the nest of dueling quoting conventions :-( and since there’s only one residual point to settle.

I believe the draft text in question is:

OLD:
   *  Deploy the feature only in certain "trustworthy" environment,
      e.g., at an IXP, or between a provider and its customers.

Based on the conversation so far, let me throw out a suggestion for discussion.

NEW:
   *  Deploy the feature only in an environment that does not
      offer anonymous participation. Examples include an IXP,
      where the IXP operator will have a business relationship with
      all IXP participants, or between a provider and its customers.

Zahed, would that work for you?

Authors, any problems with that?

Thanks,

—John

> On Apr 18, 2023, at 11:57 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>
> Zahed,
>
> Oddly enough, it appears that mail from ietf.org delivered one of the two
> copies of mail from you in a corrupted form.  This message replies to the
> missing piece of your question:
>
> On Tue, Apr 18, 2023 at 12:44:13PM +0000, Zaheduzzaman Sarker wrote:
>>> The environment must be under reasonable operational control to satisfy the
>>> scaling of the impacted system.  What words would you prefer to have there
>>> instead?  How would those words change if you want to permit this feature to
>>> be utilized when the operational environment spans multiple entities, such
>>> as at an exchange point (IXP)?
>>
>> Calling it something else would not resolve the issue until that “something else” is well defined or described. I have no issue with calling it trustworthy when it is described well so that we can understand it, like you attribute it as – “The environment must be under reasonable operational control to satisfy the scaling of the impacted system”. I suggest we put some descriptive text to explain what makes the environment trustworthy.
>
> I don't believe that it will be possible to tersely state such a thing,
> partially because BFD is simply one element in a deep stack of such
> considerations.  As an example, unsecured ARP may be utilized in an IXP
> environment.  You can do far more damage by spoofing ARP than you can in
> BFD.  Same for discovery components like LLDP.
>
> If you're looking for a particular term of art for such a trustworthy
> environment where multiple potentially semi-trustworthy parties are
> involved, we'll likely need to have such a thing supplied by current
> security practitioners.
>
> From a general networking standpoint, some properties of such an environment
> seem obvious:
> - The network element that can be attacked is expected to be attacked by a
>  device one IP hop away. (See GTSM considerations in the draft.)
> - Attackers must either be directly connected to the network element or on
>  shared media with the network element, thus limiting the set of attackers.
> - Layer 2 control mechanisms such as 802.1X may limit the viability of
>  attackers to known parties.
>
> In such circumstances, attackers in many circumstances are indistinguishable
> from misconfigured or misbehaving parties.  When things go wrong, the IXP
> operator will simply chase it down.  It's not like this would be the first
> such malfunction.
>
> Active attackers who are breaking into your racks just to mess with you
> imply security issues far beyond the scope of this protocol extension.
>
> -- Jeff
>