IETF Logo Mail Archive

Re: [secdir] [sfc] Secdir last call review of draft-ietf-sfc-oam-framework

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Tue, 28 April 2020 09:45 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18CEF3A11F7; Tue, 28 Apr 2020 02:45:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=EYCm/IjF; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=AELZzjjU
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S3WpUiYfXkBL; Tue, 28 Apr 2020 02:45:23 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5298A3A11FA; Tue, 28 Apr 2020 02:45:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9192; q=dns/txt; s=iport; t=1588067123; x=1589276723; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=jvo4psHgDPjfegOxvsEwuYpQOroRuqCXxxccWKxReiU=; b=EYCm/IjFOZpxICYaR4dO3F+L4XQO7c8GECeI6jbuNVSQlQFTPE9Jkipb e16hGfLlc3WbbtP3ZYYzlDgFP7dQXdjMv1VbhyQ9GJWeY+xFRjR3gU/Uz 6n6IPerZdJDw1eloHJ3fXGBJD9iiYdimqA5IhyOsXFBjiDnWwJRsTxy6T Q=;
IronPort-PHdr: 9a23:gRQQ8B/h6Z+OZP9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+7ZRCN7vR2h1iPVoLeuLpIiOvT5qbnX2FIoZOMq2sLf5EEURgZwd4XkAotDI/gawX7IffmYjZ8EJFEU1lorHq6KkNSXs35Yg6arni79zVHHBL5OEJ8Lfj0HYiHicOx2qiy9pTfbh8OiiC6ZOZ5LQ69qkPascxFjA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ArAABR+qde/5pdJa1mGgEBAQEBAQEBAQMBAQEBEQEBAQICAQEBATyBNgIBAQEBCwGBU1EFbFgvKgqEFYNGA40vJZgvgUKBEANUCwEBAQwBARgLCgIEAQGERAIXghEkNwYOAgMBAQsBAQUBAQECAQUEbYUqByUMhXEBAQEBAgEBARAREQwBASsBCwEEBwQCAQYCEQQBAQECAiYCAgIlCxUICAEBBA4FGweDBAGCSwMOIAEOlwyQZwKBOYgsNXaBMoMAAQEFhTYYgg4DBoEOKgGCYoJDgg+CPIEggSwagUE/gREnDBCBT34+gmcBAYEmCgELBwEoMQKCWDKCLY4rgxCJCpdhCoJFmAAdgluIV4wlgSqDepFQmzACBAIEBQIOAQEFgWgjZnBwFTsqAYI+UBgNj16BVgwXg0+FFIVCdDUCBgEHAQEDCXyLW4E1ATBfAQE
X-IronPort-AV: E=Sophos;i="5.73,327,1583193600"; d="scan'208";a="754042196"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Apr 2020 09:45:16 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 03S9j4DP009256 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 28 Apr 2020 09:45:15 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 28 Apr 2020 04:45:03 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 28 Apr 2020 05:45:02 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 28 Apr 2020 04:45:02 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xg1zbzgxsvjwp7GhOM+1sQcPCcERdX/mZz6OlFxrLdHowWcc261YW99yF3nWMm+k9GH3oEeYdxQwmxHbdhrSAQNTxQuMHiFAIVGhgHFA2XD6g0EIF83umSF1hM965DXljre08vj8+dJk4BlsM+q7j/5c81duJLzoDeZ2RAA+hJUsmNudVlMy6NhtM/RhlvCmrmTVJO+rgS5C/Kb8F1lVK84M/vgLYuOG1A3QlJViStafcGK0FrAlqfsn8qwiI/bnoHaj9fwY1TQj3A0i4DMxfWyCjy7MMNfMcO+rfA8+qJs71kQ+zOO/0x5p8H3H8AgtktRUkB0v0Bxxsel0A6Tk5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jvo4psHgDPjfegOxvsEwuYpQOroRuqCXxxccWKxReiU=; b=iofmzZMVeRgRF0UVSrnhBNvGSCPGDh5/D5nXKNYMZliYGt1c4E//Io+sx7C3g/dipG+zNRP84FgxqA5gop4BO0CUHhChKU/VUBG1WWHCUskW+wC9T+/OVouIAYXbXjFMP6yYsdEShFGvZd1+B/ypr8NJOqbi/echESNEvtKNgNf36fYiAxDXdIyPQn9u108QhUdJf1uXv9ZGnbkln4KK71dqBnCjeH2UPkpoN9ghCrB4/LU/krBwV5kEW5lAU3hNifpSSf/chJF7XU6JjbXGyA8J9WYupGi8YDE0YSyWc42Afs3E/8y3S4zBDlbqZ2SQ3LOyh/MjgVRVXYlKZktnMw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jvo4psHgDPjfegOxvsEwuYpQOroRuqCXxxccWKxReiU=; b=AELZzjjUW7p5dG/PgkQvhvSm9FkByWF9ZHxNEp/+DobNb4/WdN3HUkhKLzZFMlvf+nDSY+7madWuzusZYIT+37jlL9SZDR5NSLDOQEwXKmbi+HQx0VhInc5s0ccliRyYqz5fbg17QhMks9Z0y3I4HK06YJugf85KxQOeoE+bjMQ=
Received: from BN8PR11MB3635.namprd11.prod.outlook.com (2603:10b6:408:86::20) by BN8PR11MB3617.namprd11.prod.outlook.com (2603:10b6:408:82::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.22; Tue, 28 Apr 2020 09:45:01 +0000
Received: from BN8PR11MB3635.namprd11.prod.outlook.com ([fe80::9981:86d4:ca20:ff96]) by BN8PR11MB3635.namprd11.prod.outlook.com ([fe80::9981:86d4:ca20:ff96%7]) with mapi id 15.20.2937.023; Tue, 28 Apr 2020 09:45:01 +0000
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>
CC: "Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-sfc-oam-framework@ietf.org" <draft-ietf-sfc-oam-framework@ietf.org>
Thread-Topic: [sfc] Secdir last call review of draft-ietf-sfc-oam-framework
Thread-Index: AdYW4VRPPDX1YR3aSqa2kbIsbH1DggD1H5cAADlwdwAAQWMSAAAfHIaAAAkHEqc=
Date: Tue, 28 Apr 2020 09:45:01 +0000
Message-ID: <18633362-D237-41A0-8EAB-8B2D604CA677@cisco.com>
References: <CY4PR1601MB12541726BC79551C2A2EBBF0EAD40@CY4PR1601MB1254.namprd16.prod.outlook.com> <AEE6AFB3-6EE8-495F-992B-6314CBD2B6F6@cisco.com> <CY4PR1601MB1254E6CD2D9C4558EAFF21F5EAAE0@CY4PR1601MB1254.namprd16.prod.outlook.com> <760DA3B5-3B10-4786-8EC9-B107BFEBAC28@cisco.com>, <CY4PR1601MB1254CADC9C21C9A205CFDF33EAAC0@CY4PR1601MB1254.namprd16.prod.outlook.com>
In-Reply-To: <CY4PR1601MB1254CADC9C21C9A205CFDF33EAAC0@CY4PR1601MB1254.namprd16.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [108.203.7.63]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c60f7856-5d7a-486f-a8ff-08d7eb58d281
x-ms-traffictypediagnostic: BN8PR11MB3617:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN8PR11MB3617B5242309EE02080AE918C7AC0@BN8PR11MB3617.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0387D64A71
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN8PR11MB3635.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(376002)(346002)(396003)(136003)(366004)(39860400002)(5660300002)(66946007)(64756008)(66556008)(66476007)(66446008)(6486002)(186003)(76116006)(6512007)(6916009)(316002)(4326008)(54906003)(6506007)(478600001)(966005)(53546011)(2906002)(2616005)(26005)(33656002)(81156014)(8676002)(86362001)(8936002)(71200400001)(91956017)(36756003); DIR:OUT; SFP:1101;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: TTyHJQqswu8LEzZqRv+4ZTL4Uuim5K88gUASXaEgWen7EhtBenWmH872TU5NcFRmtDIpU90h8XRAjhm1l1nHRPOMq02UHaAXEcwGVeSYicAlcXJ3Tbjkk092SH7ZArtK8vtiZr4/eT54hWPNO2O7cFLqs6Fi+rKTFicDrYH4CiQ2seVuS4h3FJGydwIXURtfCkRKzNL5FIqtiDy7IDu6QF3I6aw7cNPmY6+ez6qtsFAJlNsIkYU7SahTMSQCqTiqQPvWS1LuYpbrUf5+3CfZRDD0+sa1i2+F5eeEJUarOAX50R+bN9NGUUd5D4nwrHJaRKyoYcDo0ZWnX+hbs7DIPNFBdIbkEfRQfvX7BbkCruW4Ga4PmVH3KUtBTwd4fI79fstDGeWY2N1ThxpWbAkTrnsP+9hkTWk/CzUlbwXLfJuiidPiMxBWEDuljjuc9xd89Qr7XysPWwxcnrGfX6wiJaDD3yAyO2e8WJQGM7RIWt2vNosFCtHD3mGNRZ3jKeKbzZpsISUshejtBdpipeSpgA==
x-ms-exchange-antispam-messagedata: 9sajuI1tUQLIXeN5Knl7dTSerGc/5afOPsQ4gbZpa9x2+ZwM0znZdIuruM3xCfFyjNfC9+DhGYg9HRPHX8zLo0NvRHETi1cYFVQkMB3htYiIAuasB+q1s2DAnKAdLYSPpuE3lfSPnJ/o+V0/JlcmRI4TRfkFqStMRcvnONon6i3JCHxy8vvxJYXJup0/V6zhyOZPf65hslaZA9SKDKLoULKkICfjW8EvKQYeSwqy3KO0HNxdwg9bhlfI55KcSMQy+sQQIqYlrZWcGE1piOqbgQ0e/9k+GvDGohrfWnSKegDPvthJtEh8M6IUN4xrtbPdY1NJOdvIvQTw1F1+EDSaX4sEm0GHwY0D1xnsgkOI14tvLrzwEtXYMPhlN2cBIHENpICFiliS4boBpx2Vip9UeZPJHnFhioluCFXI1WrXCJDOLJRlgekxHkIacElMfHhbjY6L8VR9t5+3fLKHhYw6/xv+LADqL1nbO8L6z/hYQCTxomDJh7O4rJBsFzNxVmQIinHZSzYuGUxNRidDMxA+V+B8CorDHnVtB8Xz/Yhns4FJL0ByJATjKg0AECCAvl0mgnTBhjhPciF2GkZjA1xp1a+4Htx0HIA2zfkoLK70PHF2gXfziOY86vGp8inkC3qqveh5Dk10lW0cm97U0tdsli3HvdbT1Mc93+m7lQ8blYSAjHRZHdrbynYitxq0dKxmQa+TcWVK6AUMc4LGl0TxF6brvJirrhTZ4WwWJzUULpBFEbUxInYxL16TCZ1jwkQ7PfADFcI5uwo6Fc7eIL4/4JT5tDo3OQ54x9+GgOwq8jU=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c60f7856-5d7a-486f-a8ff-08d7eb58d281
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2020 09:45:01.6977 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vAwzX1G9T5Id9qiQ0+eoBrZTTlrcUnvL1xBS2DRdvt1JJYsJltn2uJKmYZPCt7Z3h9ioiGNpnvQzesZuFAJcaA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3617
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/BRhdIuHOuuMEQ5OwRF5mntH776M>
Subject: Re: [secdir] [sfc] Secdir last call review of draft-ietf-sfc-oam-framework
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 09:45:32 -0000

Agreed. Thanks Tiru. 

Sent from my iPad

> On Apr 28, 2020, at 1:26 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com> wrote:
> 
> Hi Nagendra,
> 
> You may want to update the following line:
> 
> OLD:
> To address the above concerns, SFC and SF OAM should provide mechanisms for: 
> NEW:
> To address the above concerns, SFC and SF OAM should provide mechanisms for preventing:
> 
> Rest of the changes look good.
> 
> Cheers,
> -Tiru
> 
>> -----Original Message-----
>> From: Nagendra Kumar Nainar (naikumar) <naikumar@cisco.com>
>> Sent: Monday, April 27, 2020 8:06 PM
>> To: Konda, Tirumaleswar Reddy
>> <TirumaleswarReddy_Konda@McAfee.com>; Carlos Pignataro (cpignata)
>> <cpignata@cisco.com>
>> Cc: secdir@ietf.org; draft-ietf-sfc-oam-framework@ietf.org
>> Subject: Re: [sfc] Secdir last call review of draft-ietf-sfc-oam-framework
>> 
>> CAUTION: External email. Do not click links or open attachments unless you
>> recognize the sender and know the content is safe.
>> 
>> Hi Tirumaleswar,
>> 
>> Hope you are doing good.
>> 
>> Thank you for the review and the comments/suggestions. Please find the
>> diff attached that incorporates the comments.
>> 
>> We will submit the new version with the changes. Let us know if you have
>> any further comments.
>> 
>> Thanks,
>> Nagendra
>> 
>> On 4/26/20, 3:24 AM, "sfc on behalf of Konda, Tirumaleswar Reddy" <sfc-
>> bounces@ietf.org on behalf of TirumaleswarReddy_Konda@McAfee.com>
>> wrote:
>> 
>>    Hi Carlos,
>> 
>>    Please see inline
>> 
>>> -----Original Message-----
>>> From: Carlos Pignataro (cpignata) <cpignata@cisco.com>
>>> Sent: Saturday, April 25, 2020 9:29 AM
>>> To: Konda, Tirumaleswar Reddy
>> <TirumaleswarReddy_Konda@McAfee.com>
>>> Cc: secdir@ietf.org; sfc@ietf.org; draft-ietf-sfc-ioam-nsh.all@ietf.org
>>> Subject: Re: [sfc] Secdir last call review of draft-ietf-sfc-oam-framework
>>> 
>>> CAUTION: External email. Do not click links or open attachments unless
>> you
>>> recognize the sender and know the content is safe.
>>> 
>>> Hi, Tiru,
>>> 
>>> Many thanks for the review, and great to hear from you!
>>> 
>>> I hope all is well — Please see inline.
>> 
>>    Thanks, I’m fine, and I hope all is well with you too.
>> 
>>> 
>>>> 2020/04/20 午前3:28、Konda, Tirumaleswar Reddy
>>> <TirumaleswarReddy_Konda@McAfee.com>のメール:
>>>> 
>>>> Reviewer: Tirumaleswar Reddy
>>>> Review result: Ready with issues
>>>> 
>>>> 
>>>> I reviewed this document as part of the security directorate's ongoing
>>>> effort to review all IETF documents entering the IESG..  These
>> comments
>>> are directed at the security area director(s).  Document editors and WG
>>> chairs should treat these comments like any other last call comments.
>>>> 
>>>> This document provides a reference framework for OAM for SFC.
>>>> 
>>>> Comments:
>>>> 
>>>> 1. The document in Section 8 discusses various attacks (including both
>>>> security and privacy) but does not discuss any protection mechanisms
>>> other than proposing rate-limiting.  It is suggesting drafts proposing the
>> OAM
>>> solution should address the attacks but I don’t see any security
>> mechanisms
>>> discussed in draft-ietf-sfc-ioam-nsh to address the attacks.
>>>> 
>>> 
>>> Since the document already clarifies that it does not define solutions, it
>>> cannot define security consideration for those solutions, beyond saying
>> that
>>> those solutions ought to address security considerations in those areas.
>> Any
>>> security measures must be included and explained in the respective
>> solution
>>> document. I believe this comment requires potentially action on draft-
>> ietf-
>>> sfc-ioam-nsh but not on this draft.
>> 
>>    Yup. I see three solutions from SFC WG a) sfc-ioam-nsh b) ietf-sfc-proof-
>> of-transit (Experimental) c) penno-sfc-trace (Expired). sfc-ioam-nsh is the
>> only current standards track specification and it should address these attacks.
>> 
>>> 
>>> That said you are right regarding the specifics of the rate-liming
>>> recommendation. See the next answer for text.
>>> 
>>> Also, in re-reading Section 8, seems like this:
>>> 
>>>   To address the above concerns, SFC and SF OAM may provide
>> mechanism
>>>   for:
>>> 
>>> 
>>> Should say
>>> 
>>>   To address the above concerns, SFC and SF OAM should provide
>>> mechanisms
>>>   for preventing:
>> 
>>    Yes.
>> 
>>> 
>>> 
>>> 
>>>> 2. More discussion is required on the internal attacks.
>>>> (a) How are attack packets bypassing SFC detected and blocked ?
>>>> (b) How is sensitive information protected from eavesdroppers ?
>>>> (c) How is DoS/DDoS attack of misusing the OAM channel is mitigated ?
>>>> (d) Rate-limiting blocks both good and bad OAM probes and is a weak
>>> mitigation strategy. Anomaly detection (e.g., deep learning techinques)
>> and
>>> identifying the attacker look like a better strategy.
>>>> 
>>> 
>>> 
>>> This is a good point. How about.
>>> 
>>> OLD:
>>> 
>>>   The documents proposing the OAM solution for SF component should
>>>   consider rate-limiting the OAM probes at a frequency guided by the
>>>   implementation choice.  Rate-limiting may be applied at the SFF or
>>>   the SF . The OAM initiator may not receive a response for the probes
>>>   that are rate-limited resulting in false negatives and the
>>>   implementation should be aware of this.
>>> 
>>> 
>>> NEW:
>>> 
>>> 
>>>   The documents proposing the OAM solution for SF component should
>>>   consider rate-limiting the OAM probes at a frequency guided by the
>>>   implementation choice.  Rate-limiting may be applied at the SFF or
>>>   the SF.  The OAM initiator may not receive a response for the probes
>>>   that are rate-limited resulting in false negatives and the
>>>   implementation should be aware of this. To mitigate any attacks that
>>>   Leverage OAM packets, future documents proposing OAM solutions
>>>   should describe the use of any techniques to detect
>>>   and mitigate anomalies and various security  attacks.
>> 
>>    Works for me.
>> 
>>    Cheers,
>>    -Tiru
>> 
>>> 
>>> 
>>> Would that work?
>>> 
>>> Please feel free to suggest textual improvements or changes.
>>> 
>>> Thanks,
>>> 
>>> Carlos.
>>> 
>>>> Cheers,
>>>> -Tiru
>>>> _______________________________________________
>>>> sfc mailing list
>>>> sfc@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sfc
>> 
>>    _______________________________________________
>>    sfc mailing list
>>    sfc@ietf.org
>>    https://www.ietf.org/mailman/listinfo/sfc
>> 
>

v2.23.0 | Report a Bug | By Email