Re: [secdir] Secdir last call review of draft-ietf-rift-applicability-14

Antoni Przygienda <prz@juniper.net> Thu, 18 April 2024 19:19 UTC

From: Antoni Przygienda <prz@juniper.net>
To: Watson Ladd <watsonbladd@gmail.com>
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-rift-applicability.all@ietf.org" <draft-ietf-rift-applicability.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "rift@ietf.org" <rift@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-rift-applicability-14
Thread-Index: AQHakcMCppJT1VXYuE+WCfzO4Kp8HLFuZuEA
Date: Thu, 18 Apr 2024 19:18:34 +0000
Message-ID: <152A3F33-B9D4-4BA9-BC53-852D2745349A@juniper.net>
References: <171346691888.35849.11446635845987775680@ietfa.amsl.com>
In-Reply-To: <171346691888.35849.11446635845987775680@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/hWNrI6-rJ_sm98RxyFMtJtJxXVQ>
Subject: Re: [secdir] Secdir last call review of draft-ietf-rift-applicability-14
List-Id: Security Area Directorate <secdir.ietf.org>

Hmm, surprising comment a bit …

RIFT draft has a serious security section in 6.9 and a serious security considerations section in section 9 and IMO it belongs there. AFAIS those sections cover extensively security models possible and all kinds of threats/considerations on secure implementations. Of course lots of that could be moved into applicability (should it? Is security “applicability” even and if so, which part of it? Guide how to deploy it securely? ) but I don’t think that’s the intention and I’m a bit lost further what “specificity” means here specifically ;-)  e.g. key management considerations do not seem particularly specific to RIFT as a protocol AFAIS, unless what is desired is some RFC reference that describes key management in routing protocols and the pluses/minuses.

I understand the comment on the possible lack of glossary; the document is not an easy read without being familiar with at least the introduction parts of the RIFT document itself and its glossary. It’s hard to find a balance between starting to replicate lots of RIFT text/glossary in this document and not saying enough. IP fabric routing done by RIFT introduces a lot of concepts that are not present in “traditional IP routing” and familiarity with this novel lens is necessary to process lots of this document.

— Tony

> On 18 Apr 2024, at 21:01, Watson Ladd via Datatracker <noreply@ietf.org> wrote:
> 
> 
> Reviewer: Watson Ladd
> Review result: Not Ready
> 
> I have completed the secdir review of draft-ietf-rift-applicability, part of
> the secdir effort to review all documents progressing to this stage in the
> IETF. These comments should be treated like any other in the last call
> process. The result of the review is not ready.
> 
> I used to think I knew broadly what networking was, then I read this document.
> There's a fair number of terms that are new to me, and some more references
> might help develop understanding. But that's a minor editorial point.
> 
> More concerning is the complete absence of discussion of security, choosing to
> kick that to RIFT. That's despite a section about key management in the
> document, as well as discussion of operational scenarios that have implications
> for the choice of key management technology used. I'd like to see more here:
> it's an opportunity to spell out security considerations applicable to the
> scenarios with more specificity than in the RIFT drafts.
> 
> Sincerely,
> Watson Ladd
> 
>