Re: [secdir] secdir review of draft-ietf-ospf-node-admin-tag-05
"Acee Lindem (acee)" <acee@cisco.com> Wed, 14 October 2015 12:11 UTC
Return-Path: <acee@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 305561A1B4B; Wed, 14 Oct 2015 05:11:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IdZd2Pjm1ruT; Wed, 14 Oct 2015 05:11:15 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3609B1A1B19; Wed, 14 Oct 2015 05:11:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3606; q=dns/txt; s=iport; t=1444824676; x=1446034276; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=Mc+xs0s1EPu82D3jIffADOxfaUMqTBAt2I3czgMiUVE=; b=AL75tOOcUVqzeE+uzX/9u9Wxx5i2QliOKpHbyIrfcG8CWNoDaNL4t/dY tSZwzuruzBzsX585ViXUhPrqnz9g8XWrxp5zG25D6v0o3GhF106MX1C0c vH6h7HYTkDw0F0yRMgLzLvWoLPurDYxhCcxRhrj3b7TU8c1zJ6JI9ihxU U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BgAgAURh5W/5pdJa1eDoMYgUIGvX0BDYFagxOCCn8CHIEgOBQBAQEBAQEBgQqEJwEBBCMRRRACAQgYAgImAgICMBUQAgQOBYguryOTPwEBAQEBAQEBAQEBAQEBAQEBAQEBAReBIopShFozB4JpgUUBBJYVAY0anAkBHwEBQoIRHYEWPnGFaYEGAQEB
X-IronPort-AV: E=Sophos;i="5.17,681,1437436800"; d="scan'208";a="41317759"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Oct 2015 12:11:15 +0000
Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id t9ECBESS005626 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 14 Oct 2015 12:11:14 GMT
Received: from xch-rcd-015.cisco.com (173.37.102.25) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 14 Oct 2015 07:11:00 -0500
Received: from xch-rcd-015.cisco.com ([173.37.102.25]) by XCH-RCD-015.cisco.com ([173.37.102.25]) with mapi id 15.00.1104.000; Wed, 14 Oct 2015 07:11:00 -0500
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Thread-Topic: secdir review of draft-ietf-ospf-node-admin-tag-05
Thread-Index: AQHRAtRkZED+3D3sTk6f1e8MGzkzuJ5lMHaAgATWidGAABZXAIAARf4A//++TICAANxhgA==
Date: Wed, 14 Oct 2015 12:11:00 +0000
Message-ID: <D243BD35.351B8%acee@cisco.com>
References: <alpine.GSO.1.10.1510091159450.26829@multics.mit.edu> <D23ED021.34690%acee@cisco.com> <BY1PR0501MB1381A8D06B804AE4508F371AD5320@BY1PR0501MB1381.namprd05.prod.outlook.com> <alpine.GSO.1.10.1510131547130.26829@multics.mit.edu> <D242FF5D.34EA7%acee@cisco.com> <alpine.GSO.1.10.1510131856050.26829@multics.mit.edu> <D2430569.34EFD%acee@cisco.com>
In-Reply-To: <D2430569.34EFD%acee@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.199]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E0791B81C4602745AAB0D05E5F2E340A@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/TbPgg7rFkXQ-QCaSwc0b3KS5hGs>
Cc: "draft-ietf-ospf-node-admin-tag.all@ietf.org" <draft-ietf-ospf-node-admin-tag.all@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, Shraddha Hegde <shraddha@juniper.net>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-ospf-node-admin-tag-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2015 12:11:17 -0000
Hi Ben, On 10/13/15, 7:02 PM, "Acee Lindem (acee)" <acee@cisco.com> wrote: > > >On 10/13/15, 6:57 PM, "Benjamin Kaduk" <kaduk@MIT.EDU> wrote: > >>On Tue, 13 Oct 2015, Acee Lindem (acee) wrote: >> >>> >>> On 10/13/15, 6:27 PM, "Benjamin Kaduk" <kaduk@MIT.EDU> wrote: >>> >>> >On Sun, 11 Oct 2015, Shraddha Hegde wrote: >>> > >>> >> >(easily) be unset. Would force-expiring an LSA be enough to reset >>>the >>> >> >tag, or something else? >>> >> >>> >> Yes - this is standard for any OSPF LSA. However, since the OSPF RI >>>LSA >>> >> may include other TLVs or even other tags, a tag could also be >>>withdrawn >>> >> by reoriginating the RI LSA without the TLV or with a TLV that >>>doesn’t >>> >> include the withdrawn tag. >>> > >>> >I may still be confused, but I did not interpret the text in that way. >>> >That is, the text about "all instances of the RI LSA originated by >>>that >>> >node". (Which I changed to "instances of RI LSAs" in my grammar >>>edits, >>> >possibly incorrectly if I'm still confused.) I was interpreting the >>>word >>> >"instances" to include historical ones over time, so that even if an >>>RI >>> >LSA carrying a particular admin tag was replaced by a different RI LSA >>> >for the same advertising router, the old one would still be an >>>instance of >>> >that RI LSA. Going back to RFC 2328, I'm not sure what exactly I had >>>in >>> >mind in terms of ages and scopes and sequence numbers that would cause >>> >this >>> >situation, but I somehow had it in my mind that there could be >>>multiple RI >>> >LSAs active at the same time that apply to a given node, such as if >>>the >>> >admin just added a new RI LSA containing only the admin tag to augment >>>the >>> >existing RI LSAs being sent. Is that possible? >>> >>> In OSPF, a more-recent version or instance of an LSA will always >>>supersede >>> all previous instances of the same LSA. >> >>Thanks for clarifying. So, this is a non-issue, and the only question is >>whether the text could/should be changed to improve clarity. > >Let me think about this since it is a generic OSPF RI ambiguity and it >will affect multiple documents. In a WebEx right now though… The key point here is that an OSPF router only maintains the most-recent instance of an LSA in its Link-State Database. So, there shouldn’t be any ambiguity. Perhaps, the text could be changed to “all RI LSA instances in the Link-State Database (LSDB) advertised by the corresponding OSPF router.” Thanks, Acee > >Thanks, >Acee > > > >> >>-Ben >
- [secdir] secdir review of draft-ietf-ospf-node-ad… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Acee Lindem (acee)
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde
- Re: [secdir] secdir review of draft-ietf-ospf-nod… bruno.decraene
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde
- Re: [secdir] secdir review of draft-ietf-ospf-nod… bruno.decraene
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde
- Re: [secdir] secdir review of draft-ietf-ospf-nod… Shraddha Hegde