Re: [secdir] review of draft-ietf-grow-large-communities-usage-06

Job Snijders <> Fri, 21 April 2017 08:05 UTC

Date: Fri, 21 Apr 2017 10:05:50 +0200
From: Job Snijders <>
To: Klaas Wierenga <>
Cc: The IESG

On Fri, Apr 21, 2017 at 09:57:38AM +0200, Klaas Wierenga wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments. 
> This document presents examples of how operators may use BGP large
> communities to support some typical use-cases.
> In general the document is well written and I have no major issues,
> and I consider it: ready with nits (see below)
> My one nit is that even though I think that the statement in the
> security considerations "Operators should note the recommendations in
> Section 11 of BGP Operations and Security [RFC7454]" is largely true, it
> would be useful if the authors would expand a little on that, not
> being an expert in this field, I am wondering if the use-cases you
> describe in one way or the other influence the RFC7454 considerations.

In -07 - following the GenART review we expanded the security section,
does that address your nit?

Kind regards,