Re: [secdir] Secdir early review of draft-ietf-idr-segment-routing-te-policy-18

Ketan Talaulikar <ketant.ietf@gmail.com> Tue, 19 July 2022 16:14 UTC

From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Tue, 19 Jul 2022 21:44:16 +0530
Message-ID: <CAH6gdPynGzAoeag3K+4SKXrkCoK6fNMgMw4fcjYH_yj2_xvSvQ@mail.gmail.com>
To: Vincent Roca <vincent.roca@inria.fr>
Cc: secdir@ietf.org, draft-ietf-idr-segment-routing-te-policy.all@ietf.org, "idr@ietf. org" <idr@ietf.org>

Hi Vincent,

Thanks for your review.

All the sub-TLVs defined in this document are carried inside the Tunnel
Encapsulation Attribute which is defined by RFC9012. It is expected that
the reader is aware of that document and especially Sec 2 of RFC9012 which
specifies the design of the TLVs/sub-TLVs of this attribute. That said, we
will describe and clarify the units for the length field.

We'll post an update with these changes once the submission tool reopens.

Thanks,
Ketan


On Mon, Jul 18, 2022 at 9:27 PM Vincent Roca via Datatracker <
noreply@ietf.org> wrote:

> Reviewer: Vincent Roca
> Review result: Ready
>
> Hello,
>
> I have reviewed this document as part of the security directorate’s ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> Summary: Ready
>
> I have no comment regarding the security part. Most issues seem fairly classic
> when dealing with BGP peering and the Security Considerations section reminds
> that it's the responsibility of the network operator to guarantee that traffic
> is restricted to trusted domain/nodes. I don't know the domain but it seems
> reasonable.
>
> Otherwise, a minor comment.
> Section 2.4.1: I suggest being a bit more informative when describing Type and
> Length fields (this is the first mention of the packet format):
> >   o  Type: 12
> >   o  Length: 6.
>
> There's no explanation and no unit.
> As I understand, 12 is a reserved value for a "Preference Sub-TLV", say it, and
> Length is 6 bytes long, encompassing the Flags, RESERVED, and Preference
> fields, say that too (at least the 1st time).
>
> Cheers,
>
> Vincent
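To make the Length-unit point concrete, here is an added example (not code from the draft or from either author) that encodes and parses the Preference sub-TLV as the review describes it: Type 12, a Length of 6 octets covering the Flags, RESERVED and Preference fields. It assumes the 1-octet Length that RFC 9012 Section 2 uses for sub-TLV types below 128 and a 1 + 1 + 4 octet field layout, and rejects a Length that does not match before reading any field.

```python
import struct

# Sub-TLV type for the Preference sub-TLV (value quoted in the review).
PREFERENCE_SUBTLV_TYPE = 12
# Length of the value part in octets: Flags (1) + RESERVED (1) + Preference (4).
# The 1+1+4 layout is assumed here; Length counts value octets only.
PREFERENCE_VALUE_LEN = 6


def encode_preference_subtlv(preference, flags=0):
    """Build a Preference sub-TLV: Type, 1-octet Length, then the value fields.

    RFC 9012 Sec 2 gives sub-TLV types 0-127 a 1-octet Length, so type 12
    carries a 1-octet Length; RESERVED is sent as zero.
    """
    value = struct.pack("!BBI", flags, 0, preference)
    assert len(value) == PREFERENCE_VALUE_LEN
    return struct.pack("!BB", PREFERENCE_SUBTLV_TYPE, len(value)) + value


def parse_preference_subtlv(buf):
    """Parse one Preference sub-TLV from the front of buf.

    Returns (fields, remaining_bytes). A receiver must check Length against
    the buffer before unpacking, so any length problem raises ValueError
    instead of reading past the end of the sub-TLV.
    """
    if len(buf) < 2:
        raise ValueError("truncated sub-TLV header")
    subtlv_type = buf[0]
    if subtlv_type != PREFERENCE_SUBTLV_TYPE:
        raise ValueError(f"not a Preference sub-TLV (type {subtlv_type})")
    length = buf[1]  # 1-octet Length, counted in octets of the value part
    if length != PREFERENCE_VALUE_LEN:
        raise ValueError(f"bad Length {length}, expected {PREFERENCE_VALUE_LEN} octets")
    if len(buf) < 2 + length:
        raise ValueError("sub-TLV value runs past the end of the attribute")
    flags, reserved, preference = struct.unpack("!BBI", buf[2:2 + length])
    fields = {"type": subtlv_type, "length": length, "flags": flags,
              "reserved": reserved, "preference": preference}
    return fields, buf[2 + length:]
```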