Re: [secdir] review of draft-ietf-grow-large-communities-usage-06

Job Snijders <job@instituut.net> Fri, 21 April 2017 08:05 UTC

Date: Fri, 21 Apr 2017 10:05:50 +0200
From: Job Snijders <job@instituut.net>
To: Klaas Wierenga <klaas@wierenga.net>
Cc: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-grow-large-communities-usage.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/T4xX2o_TrMIRVQ1Z2u25wGvxR0U>

On Fri, Apr 21, 2017 at 09:57:38AM +0200, Klaas Wierenga wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments. 
> 
> This document presents examples of how operators may use BGP large
> communities to support some typical use-cases.
> 
> In general the document is well written and I have no major issues,
> and I consider it: ready with nits (see below)
> 
> My one nit is that even though I think that the statement in the
> security considerations "Operators should note the recommendations in
> Section 11 (https://tools.ietf.org/html/draft-ietf-grow-large-communities-usage-06#section-11)
> of BGP Operations and Security
> [RFC7454 (https://tools.ietf.org/html/rfc7454)]" is largely true, it
> would be useful if the authors would expand a little on that, not
> being an expert in this field, I am wondering if the use-cases you
> describe in one way or the other influence the RFC7454 considerations.

In -07 - following the GenART review we expanded the security section,
does that address your nit?

https://tools.ietf.org/rfcdiff?url2=draft-ietf-grow-large-communities-usage-07.txt

Kind regards,

Job