Re: [RTG-DIR] Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Thu, 11 April 2019 21:16 UTC
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Carlos Pignataro <cpignata@cisco.com>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org>
Thread-Topic: Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
Thread-Index: AQHU5Aq8UAmlfJbAlUyDGzfunZHNJKY3jhHw
Date: Thu, 11 Apr 2019 21:16:35 +0000
Message-ID: <SN6PR09MB31674C565BB1F36200F1AFA6982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155362877270.7408.1659232059641306508@ietfa.amsl.com>
In-Reply-To: <155362877270.7408.1659232059641306508@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/ETyu0gy-24PHM_zenp4VdYsb1P0>
Carlos,

I fixed the NextHop IPv6 address to use a private use IP. It was an easy fix which does not affect the signatures.

I followed your advice to split the Special-Use ID into a range for Experimental-ID and Documentation-ID.

The topic of obsolete vs update is still open and I wait for IESG guidance.

If wanted/requested, I can upload a version 05 of the document with the modifications I outlined in the previous emails already.

Oliver

-----Original Message-----
From: Carlos Pignataro via Datatracker <noreply@ietf.org>
Sent: Tuesday, March 26, 2019 3:33 PM
To: rtg-dir@ietf.org
Cc: sidrops@ietf.org; ietf@ietf.org; draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org
Subject: Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
Importance: High

Reviewer: Carlos Pignataro
Review result: Has Issues

Hello,

I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft.
Document: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
Reviewer: Carlos Pignataro
Intended Status: Proposed Standard

Summary:

This document specifies the algorithms and parameters for BGPsec (Border Gateway Protocol Security).

Comments:

This is a clear, comprehensive, and well written document. It states it updates (if approved) RFC 8208, and I particularly appreciate Section 1.2, "Changes from RFC 8208", in explicitly showing how. However, it is unclear to me if the right relationship is to "update" or to "obsolete" RFC 8208. Should this document be approved and published, would RFC 8208 still be active and relevant, only updated, or re-written?

Minor Issues:

1. Introduction

   This document updates [RFC7935] to add support for a) a different
   algorithm for BGPsec certificate requests, which are issued only by
   BGPsec speakers; b) a different Subject Public Key Info format for

CMP: Does this document update RFC7935 or RFC8208 on these issues? Meaning, if it really updates RFC7935, then it would obsolete RFC 8208. If it does not obsolete RFC 8208, then it would update RFC 8208 and RFC 7935, perhaps?

CMP: I believe the right metadata would be:
   Updates: 7935
   Obsoletes: 8208

CMP: Also, an editorial: this is a very thick paragraph to parse containing an enumerated list embedded in it. Should clarity be improved if turned into an actual list? (a), (b), etc.

   Appendix A contains example BGPsec UPDATE messages as well as the
   private keys used to generate the messages and the certificates
   necessary to validate the signatures.

CMP: Maybe overkill, but might be useful to explicitly say that the Appendix is non-normative. Just a thought for your consideration.

2.1. Algorithm ID Types

   o Special-Use Algorithm ID

      Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254). To
      allow documentation and experimentation to accurately describe

CMP: I was wondering if it is appropriate to use a common block for both documentation (paper) and experimentation (wire in labs).

CMP: In this, I note that RFC 4727 says:

   "It is not appropriate to use addresses in the documentation prefix
   [RFC3849] for experimentation."

CMP: So, while I have no strong position (I think), it might be useful to consider separating these two semantics with different allocations.

8. References

CMP: Lastly, I am sure ADs are checking downrefs and the such.

Also Nits:

   Found possible IPv6 address '2001:0010:0000:0000:0000:0000:c633:6464'
   in position 783 in the paragraph; this doesn't match RFC 3849's
   suggested 2001:DB8::/32 address range or RFC 4193's Unique Local
   Address range FC00::/7.

CMP: I hope these are useful.

Thank you,

Carlos Pignataro.
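The nit quoted in the review above is the kind of check a document author can run locally before submission: find every IPv6 address in a paragraph and flag any that lie outside the RFC 3849 documentation prefix (2001:db8::/32) or the RFC 4193 unique local range (fc00::/7). The following is an added example written for this thread, not code from the draft, the idnits tool or any of the correspondents; the function names, the token regex and the sample paragraph are all constructed here, and the paragraph deliberately reuses the address the reviewer flagged so the result can be compared with the nit.

```python
import ipaddress
import re

# Address blocks acceptable in examples: the documentation prefix
# from RFC 3849 and the unique local range from RFC 4193.
DOCUMENTATION = ipaddress.IPv6Network("2001:db8::/32")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")

# Candidate tokens are runs of hex digits and colons; anything that is
# not a syntactically valid IPv6 address is discarded below.
_CANDIDATE = re.compile(r"[0-9A-Fa-f:]+")


def classify(addr_text):
    """Label an IPv6 address by the example-safe block it falls in, if any."""
    addr = ipaddress.IPv6Address(addr_text)
    if addr in DOCUMENTATION:
        return "documentation"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    return "not-documentation"


def find_ipv6_nits(text):
    """Scan free text for IPv6 addresses outside the documentation and
    unique-local blocks. Returns (offset, address as written, label)."""
    nits = []
    for match in _CANDIDATE.finditer(text):
        token = match.group(0)
        if token.count(":") < 2:      # a real address has at least two ':' (e.g. '::1')
            continue
        try:
            ipaddress.IPv6Address(token)
        except ValueError:            # timestamps like 14:16:40, stray colons
            continue
        label = classify(token)
        if label == "not-documentation":
            nits.append((match.start(), token, label))
    return nits


# Constructed sample paragraph (hypothetical, not text from the draft):
# the address the review flagged, a timestamp, a documentation address
# and a unique local address.
SAMPLE_PARAGRAPH = (
    "NextHop 2001:0010:0000:0000:0000:0000:c633:6464 was signed at 14:16:40; "
    "2001:db8::1 and fd12:3456::1 are acceptable example addresses."
)

if __name__ == "__main__":
    for offset, token, label in find_ipv6_nits(SAMPLE_PARAGRAPH):
        print(f"position {offset}: {token} is {label}")
```

Running the block reports only the 2001:0010::/28 address, at its character offset in the paragraph, while the documentation and unique local addresses pass; the offset plays the role of the "position 783" in the review's nit.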