Re: [secdir] Secdir last call review of draft-ietf-ospf-xaf-te-07

"Acee Lindem (acee)" <acee@cisco.com> Wed, 21 August 2019 12:07 UTC

From: "Acee Lindem (acee)" <acee@cisco.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "lsr@ietf.org" <lsr@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-ospf-xaf-te.all@ietf.org" <draft-ietf-ospf-xaf-te.all@ietf.org>
Date: Wed, 21 Aug 2019 12:07:04 +0000
Message-ID: <0B17F3B3-401E-47CC-AA68-61EAE5DFEF23@cisco.com>
References: <156638772406.25805.16453148781314116651@ietfa.amsl.com>
In-Reply-To: <156638772406.25805.16453148781314116651@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/donboHWRDmNyypWycew2wG6GC5o>
Subject: Re: [secdir] Secdir last call review of draft-ietf-ospf-xaf-te-07
List-Id: Security Area Directorate <secdir.ietf.org>

Hi Kathleen,

On 8/21/19, 7:42 AM, "Kathleen Moriarty via Datatracker" <noreply@ietf.org> wrote:

    Reviewer: Kathleen Moriarty
    Review result: Has Nits
    
    I apologize for the very late review.  I see you are already working on Roman's
    discuss, so perhaps this nit could be addressed still.
    
    In the security considerations section, the following text is included:
    
       As such, no new
       security threats are introduced beyond the considerations in OSPFv2
       [RFC2328], OSPFv3 [RFC5340], and [RFC5786].
    
    However, new considerations follow and as such, the above statement isn't
    entirely accurate.  I do agree that no security is provided in these protocols,
    and that is not new, but new information is exposed.  Perhaps saying additional
    considerations follow would be better than saying "no new security threats are
    introduced".

As document shepherd and LSR WG Co-Chair, I disagree. There is no new information exposed. This draft simply enables the TE endpoints from both IPv4 and IPv6 to be advertised in either OSPFv2 or OSPFv3 rather than relegating advertisement of IPv4 TE information to OSPFv2 and IPv6 TE information to OSPFv3. If anything, it improves security by reducing the surface area for attacks to a single protocol rather than both protocols. 

Thanks,
Acee
    
    Thank you,
    Kathleen