Re: [secdir] secdir review of draft-ietf-mboned-deprecate-interdomain-asm-05

Leonard Giuliano <lenny@juniper.net> Tue, 17 December 2019 17:14 UTC

Date: Tue, 17 Dec 2019 09:14:33 -0800
From: Leonard Giuliano <lenny@juniper.net>
To: David Mandelberg <david@mandelberg.org>
CC: secdir@ietf.org, iesg@ietf.org, draft-ietf-mboned-deprecate-interdomain-asm.all@ietf.org, mikael.abrahamsson@t-systems.se, tim.chown@jisc.ac.uk, tte+ietf@cs.fau.de, gjshep@gmail.com, ibagdona@gmail.com, warren@kumari.net, Colin Doyle <cdoyle@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SHTTM3LLqvXm2psExuxm-lZZ1JU>

David,

Thank you for your review.  BCP38 is not really relevant for multicast, as 
RPF is baked into the cake when it comes to multicast.  If anything, BCP38 
can be thought of as making unicast behave the way multicast has always 
operated, as multicast forwarding is inherently based on the source 
address.

Please let me know if this answers your question, or if I'm missing 
anything.

Thanks,
Lenny 

On Sun, 15 Dec 2019, David Mandelberg wrote:

| I have reviewed this document as part of the security directorate's
| ongoing effort to review all IETF documents being processed by the
| IESG.  These comments were written primarily for the benefit of the
| security area directors.  Document editors and WG chairs should treat
| these comments just like any other last call comments.
| 
| The summary of the review is Ready with issues.
| 
| Section 3.2.3 talks about using source addresses for security. Doesn't that
| security rely on adoption of BCP38? (Or does the multicast destination address
| make BCP38 irrelevant here?)
|
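
The behaviour described in the reply above, as an added example that is not part of the original message or of the draft: a small model of one router in which multicast always applies the reverse-path (RPF) check on the source address, while unicast forwards on destination alone unless an ingress filter is enabled. The routing table, interface names and addresses are constructed, and modelling the BCP38 ingress filter as a strict reverse-path check is an assumption (one common way to implement it).

```python
import ipaddress

# Constructed unicast routing table of one router: prefix -> interface toward it.
ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): "upstream",
    ipaddress.ip_network("192.0.2.0/24"): "cust_a",
    ipaddress.ip_network("198.51.100.0/24"): "cust_b",
}

def lookup(addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = max((n for n in ROUTES if ip in n), key=lambda n: n.prefixlen)
    return ROUTES[best]

def rpf_ok(src, in_if):
    """Reverse-path check: did the packet arrive on the interface toward src?"""
    return lookup(src) == in_if

def multicast_forward(src, in_if, oifs):
    """Multicast: the RPF check is always applied before replication."""
    if not rpf_ok(src, in_if):
        return []                      # RPF failure, packet dropped
    return [i for i in oifs if i != in_if]

def unicast_forward(src, dst, in_if, ingress_filter):
    """Unicast: destination lookup only, unless ingress filtering is on."""
    if ingress_filter and not rpf_ok(src, in_if):
        return None                    # dropped by the ingress filter
    return lookup(dst)

# Constructed packets arriving on cust_a: one with a cust_a source address,
# one claiming a cust_b source address.
GENUINE, SPOOFED = "192.0.2.10", "198.51.100.7"
OIFS = ["upstream", "cust_b"]          # constructed outgoing interfaces for the group

if __name__ == "__main__":
    for src in (GENUINE, SPOOFED):
        print(src,
              "multicast:", multicast_forward(src, "cust_a", OIFS),
              "unicast:", unicast_forward(src, "203.0.113.5", "cust_a", False),
              "unicast+filter:", unicast_forward(src, "203.0.113.5", "cust_a", True))
```

Only the unicast path without the filter forwards the packet whose source address does not match its arrival interface; with the filter on, unicast reaches the same verdict multicast reaches by default.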