Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Reshad Rahman <reshad@yahoo.com> Wed, 19 April 2023 03:36 UTC

Date: Wed, 19 Apr 2023 03:36:02 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: John Scudder <jgs@juniper.net>, Jeffrey Haas <jhaas@pfrc.org>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-bfd-unsolicited@ietf.org" <draft-ietf-bfd-unsolicited@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/WFSibPharASmnwX2RUML5Z__i3M>

Updated text is in rev-14.

Regards,
Reshad.

- URL:      https://www.ietf.org/archive/id/draft-ietf-bfd-unsolicited-14.txt
- Status:   https://datatracker.ietf.org/doc/draft-ietf-bfd-unsolicited/
- Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-bfd-unsolicited
- Diff:     draft-ietf-bfd-unsolicited-13.txt - draft-ietf-bfd-unsolicited-14.txt


On Tuesday, April 18, 2023, 10:04:21 PM EDT, Reshad Rahman <reshad@yahoo.com> wrote:

Thanks John and Zahed. I'm also good with the new text, will include it in the next rev.

On Tuesday, April 18, 2023, 05:22:29 PM EDT, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com> wrote:

Thanks for the text suggestion. It is better now. Someone might of course ask what the business relation is, but I think I understand it better in this context.

//Zahed

From: John Scudder <jgs@juniper.net>
Sent: Tuesday, April 18, 2023 6:15 PM
To: Jeffrey Haas <jhaas@pfrc.org>; Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Cc: Reshad Rahman <reshad@yahoo.com>; The IESG <iesg@ietf.org>; draft-ietf-bfd-unsolicited@ietf.org <draft-ietf-bfd-unsolicited@ietf.org>; bfd-chairs@ietf.org <bfd-chairs@ietf.org>; rtg-bfd@ietf.org <rtg-bfd@ietf.org>
Subject: Re: Zaheduzzaman Sarker's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)

Top-posting to avoid the nest of dueling quoting conventions :-( and since there’s only one residual point to settle.

I believe the draft text in question is:

OLD:
   *  Deploy the feature only in certain "trustworthy" environment,
      e.g., at an IXP, or between a provider and its customers.

Based on the conversation so far, let me throw out a suggestion for discussion.

NEW:
   *  Deploy the feature only in an environment that does not 
      offer anonymous participation. Examples include an IXP, 
      where the IXP operator will have a business relationship with 
      all IXP participants, or between a provider and its customers. 

Zahed, would that work for you?

Authors, any problems with that?

Thanks,

—John

> On Apr 18, 2023, at 11:57 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> 
> Zahed,
> 
> Oddly enough, it appears that mail from ietf.org delivered one of the two
> copies of mail from you in a corrupted form.  This message replies to the
> missing piece of your question:
> 
> On Tue, Apr 18, 2023 at 12:44:13PM +0000, Zaheduzzaman Sarker wrote:
>>> The environment must be under reasonable operational control to satisfy the
>>> scaling of the impacted system.  What words would you prefer to have there
>>> instead?  How would those words change if you want to permit this feature to
>>> be utilized when the operational environment spans multiple entities, such
>>> as at an exchange point (IXP)?
>> 
>> Calling it something else would not resolve the issue until that “something else” is well defined or described. I have no issue with calling it trustworthy when it is described well so that we can understand it, like you attribute it as – “The environment must be under reasonable operational control to satisfy the scaling of the impacted system”. I suggest we put some descriptive text to explain what makes the environment trustworthy.
> 
> I don't believe that it will be possible to tersely state such a thing,
> partially because BFD is simply one element in a deep stack of such
> considerations.  As an example, unsecured ARP may be utilized in an IXP
> environment.  You can do far more damage by spoofing ARP than you can in
> BFD.  Same for discovery components like LLDP.
> 
> If you're looking for a particular term of art for such a trustworthy
> environment where multiple potentially semi-trustworthy parties are
> involved, we'll likely need to have such a thing supplied by current
> security practitioners.
> 
> From a general networking standpoint, some properties of such an environment
> seem obvious:
> - The network element that can be attacked is expected to be attacked by a
>  device one IP hop away. (See GTSM considerations in the draft.)
> - Attackers must either be directly connected to the network element or on
>  shared media with the network element, thus limiting the set of attackers.
> - Layer 2 control mechanisms such as 802.1X may limit the viability of
>  attackers to known parties.
> 
> In such circumstances, attackers in many circumstances are indistinguishable
> from misconfigured or misbehaving parties.  When things go wrong, the IXP
> operator will simply chase it down.  It's not like this would be the first
> such malfunction.
> 
> Active attackers who are breaking into your racks just to mess with you
> imply security issues far beyond the scope of this protocol extension.
> 
> -- Jeff
>
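
Added example, not part of the thread or of the draft: a Python version of the receive-side checks implied by the properties listed in the quoted message above (sender one IP hop away per GTSM, source on the directly connected segment). The subnet 192.0.2.0/24, the function names, the reason strings and the sample packets are constructed for illustration; TTL 255 and UDP port 3784 come from RFC 5082 and RFC 5881.

```python
import ipaddress
import struct

BFD_PORT = 3784  # single-hop BFD control port (RFC 5881)
GTSM_TTL = 255   # RFC 5082: only a sender one hop away can arrive with TTL 255


def build_packet(src: str, ttl: int, dport: int = BFD_PORT) -> bytes:
    """Constructed sample input: IPv4 + UDP + 24-byte BFD control packet."""
    # BFD: version 1, state Down, detect mult 3, length 24, then five 32-bit fields
    bfd = struct.pack("!BBBBIIIII", 0x20, 0x40, 3, 24, 1, 0, 1_000_000, 1_000_000, 0)
    udp = struct.pack("!HHHH", 49152, dport, 8 + len(bfd), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bfd), 0, 0,
                     ttl, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address("192.0.2.1").packed)
    return ip + udp + bfd


def admit(packet: bytes, connected_net: str) -> str:
    """Return "accept" or the reason the packet may not create a session."""
    if len(packet) < 20:
        return "malformed"
    ver_ihl, _, _, _, _, ttl, proto, _, src, _ = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl + 8 + 24:
        return "malformed"
    if proto != 17:
        return "not-udp"
    _, dport, _, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != BFD_PORT:
        return "not-bfd"
    # GTSM: a router decrements TTL, so anything below 255 crossed a hop.
    if ttl != GTSM_TTL:
        return "gtsm-ttl"
    # Source must sit on the directly connected (possibly shared) segment.
    if ipaddress.IPv4Address(src) not in ipaddress.ip_network(connected_net):
        return "off-link-source"
    bfd = packet[ihl + 8:]
    if bfd[0] >> 5 != 1 or bfd[3] < 24:  # BFD version and length sanity
        return "bad-bfd"
    return "accept"


if __name__ == "__main__":
    for src, ttl in [("192.0.2.10", 255), ("192.0.2.10", 254), ("198.51.100.7", 255)]:
        print(src, ttl, admit(build_packet(src, ttl), "192.0.2.0/24"))
```

A neighbour on the same segment passes both checks, which is why the discussion above turns on who is allowed onto that segment in the first place.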